InfoPath Dev

We have a tricky permissions issue. We have a solution in place now using item-level permissions, but I would think there's a better way to do this. We do not have Qdabra installed and I don't have much in the ways of procurement power. There are 500+ users that can submit an Infopath form. Each form has information that must only be viewed by a handful of people. They are as follows: * The user who is submitting the form. * The user's assistant. * The user's managers (from 1-4 managers depending on where they are in the food chain). * A group of 3 support people fielding the requests. How we solved it: * Contacted management and got entire organizational structure, including assistants. * Setup management groups (as a user's manager could actually be one person plus that person's deputy). * Created a Sharepoint forms library. * Removed everyone's permissions except the admin from creating in the root of the library. * Created a folder for each user with their name (e.g. "Smith, John C") * For each folder, changed permissions to allow Contribute for only the following: - user - user's assistant - the different management groups that manage the user - the support group that services the requests * For viewing, when a user goes to the library, the default view is one that gets rid of folders and shows all forms still being processed that they can see. The user can flip to All Documents view to see the folders that they have accessed to (for a typical user, this is only their folder, but for an assistant or a manager, it will be multiple folders). * To create a form, the user goes to the library, creates a new form, and then clicks Save. In the Save dialog box, the user sees the folders where they can save, chooses the appropriate one, then saves the document (with the default name). * Support group is notified of new request via an Alert and they work on the item to completion. Now, the security all works because we setup permissions at the folder level and then have the user place the form in the folder to pickup its permissions. To keep permissions clean, I wrote an EXE that traverses the library and builds out a report of the permissions on each folder. We plan to routinely send out this report to managers to confirm that permissions are still set correctly. All-in-all, it was pretty straightforward to implement (there were a couple days of loud music and configuring permissions), but I'm sure there's a different/better/revised way to implement this and am wondering what others have done. I'm comfortable writing code-behind-forms or ASP.NET pages, but it's easier/faster to deploy Infopath forms than getting .aspx deployed. MOSS 2007(Standard), MS Office 2007, AD2003 Looking forward to hearing any feedback.

Hey MightyTook,

That is definitely the hard-knocks way to do it. You might be able to programmatically set Item level perms in MOSS 2007 with some code that calls SharePoint's OM.

Of course, with our Qdabra Web service (trial is free), it's trivial. Just set the Document Level permissions based on a field in your form (for example, current assignment and manager's alias) and pull manager info from AD. Then, put a dataview on the SharePoint site that calls the Web Service to list documents available to current user. One Form Library for all users and two sets of permissions (one for manager and another for assignee) and config the form to set those on new. I'm guessing it would take an hour.

We need to put a how-to video together that shows off this scenario. Anyway, if you'd like to be a testimonial for Qdabra (and beta tester for new stuff), let me know and we can see about doing a special deal for you. Of course, you'll need to have access to the SharePoint server to install the Web Services.

Take care!

I think that ItemPerms and XAML using C# is quite an efficient approach to Item Level Permission on Share Point Lists and libraries. You can set up your list to add a web reference to your C# ItemsPerms file and link it to your InfoPath Form fields respectively. In addtition,  InfoPath provides a code editor for integration of user finely-tuned controls with XAML design viewer for Item level permissions on a per item basis within your Share Point List. I think that end users need to be able to unit test the documents permissions at a site level however, client-based applications are certainly the best for customer credibility. From a developer's persective, when you can actually see the web references connecting to the user controls and allocating permissions in this manner, it certainly provides a very productive web application for your clients.