InfoPath and SharePoint
The other day I was working with InfoPath to create a form for internal use that would allow employees to keep track of their objectives and goals for the month in relation to five key areas. This form would then be stored in a SharePoint document library, where I could then create views to allow the CEO to see how people were doing during the current month and the current quarter. There were additional requirements that involved security, such as no user should be able to see or open other users forms and only the CEO should be able to see the current month and current quarter views on the list.
I began the project looking at it as a learning experience with InfoPath and SharePoint integration. I had read about how easy it is to create the form templates, publish them out to SharePoint, and then aggregate the data or use it in other meaningful ways.
I created my form just fine and set the submit properties to submit it to the SharePoint document library. The trick was going to be setting up security so that users could see their own documents but not anyone elses and also allow the CEO to have his views that no one else could see.
I began doing some research into security trimming views in a SharePoint list and found many people saying that Microsoft did not include this functionality and they were right. Although you can security trim all the way down to items in a list, there is no way to allow certain views to be displayed to some users and other views displayed to other users. I found a blog post that described a hack to get around this. I tried determining who the current user was and then display only those items that they were allowed to see. The problem with this was that the user still had access to all of the views and could modify the views to see whatever they wanted.
I then tried to find a way to build functionality into the InfoPath form to only allow certain users to see certain things. This did not fair all that well either. I could make it so only certain users could see one view on the form and others saw a different view, but when a user tried to open their own form again, they were being sent to the second view when they shouldn't have been.
The next thing I am going to try, is to add some programming logic into the form to see if I can set the permissions on the list item in the SharePoint list. As a last resort I could always add an event handler to the list and set the permissions on each item in the list when it is added. It seems like there should be an easier way to add security to views on a SharePoint list and allow users to see only what they should see.
Labels: filtering SharePoint list views, InfoPath and SharePoint integration
posted by Michael Markel @ 6:14 PM
1 Comments
_526.jpg)
1 Comments:
I'm working on the same thing right now and I abandoned InfoPath for a few reasons (not security-related).
Instead, I'm using plain old Word docs. I want people to see their goals and provide feedback on a daily basis and MOSS is new to them (so is a real Intranet for that matter). So I'm really pushing the Outlook integration which InfoPath lacks.
Using Word docs also mimics functionality that needs little explaining to novice users: managers have a library, each of their employees has a folder. Put each employee's stuff in their folder. When the employee loads the library, they only see one folder--theirs. At the end of the performance cycle, evaluations are archived using "send-to".
When I finally committed to it, the amount of development needed for the project dropped dramatically.
Post a Comment
Subscribe to Post Comments [Atom]
<< Home