Create a secure form

Task:

  • Create a form that every employee can fill. This form will be used to register sick days.
  • After creation, only a select group of employees will be able to view/modify/delete the form.

Limitation:

  • No programming

I first tried InfoPath forms, but I couldn’t find a way to ensure the authorizations. If I create a permissionlevel and say everyone whith this permissionlevel should be able to create items, they’re automatically able to view items. All items in the library.

The perfect solution in my opinion is to create a couple of workflowactions, which make sure the authorizations get set right after the item is created. Since I’m (unfortunately) not allowed to program anything, I had to find another solution.

My Collegeau’s attended a Sharepoint Designer training. They suggested to create a list, instead of using InfoPath and manipulate the pages of the library so that the pages (AllItems.aspx, DispForm.aspx, EditForm.aspx) could only be used by the right group of employees. In my opinion I should authorize the data (listitems), instead of the interface to be really sure no evil person could view and/or manipulate the data.
However I decided to give it a thought.

I believe there are a couple of ways to view/access data in SharePoint:
– By using SharePoint Designer It’s possible to disable this by configuring permissionlevels
– By using the SDK dll’s Someone has to get access to a front
-end server, to get execute an application to access the data, so if we make sure no authorized people have access to the front-ends, we will be safe here.
– By using the SDK Webservices Webservices are accessible by all employees, however this can be disabled by configuring the permissionlevels.
– By using the webinterface of SharePoint (duh!)

This brainstorm gave me the confidence it may be possible.

I found my solution in executing the following steps:

  1. Make sure the list is invisible. This can be done in SharePoint Designer (Navigate to the list > Right-click list > Properties > Settings > Hide from browser
    This way the list won’t be found by navigating in Sharepoint.
  2. Create the audience in the Shared Service Provider. Make sure the right users are member of the audience.
  3. In SharePoint Designer edit the pages Allitems.aspx, DispForm.aspx and EditForm.aspx.
    Search in the webpart for the following tag:
    Supply the ID of the audience you,ve just created like this: ca4cd9d1-f396-4127-a4de-5237cb0255ac;;;;
  4. Disable RSS for the list.
  5. Make sure the list is not searchable
  6. Make sure the sitelevel permissions are configured to disable the use of webservices.

I believe with these steps it’s possible to create a secure form. Any thoughts on this? Let me know!

I hope I helped the community with this post.

1 reactie op “Create a secure form

  1. If the form uses any references that are at the pubesihld URL, it will try and connect, otherwise, the forms most likely will just check to see if there is an update that the user should download. There should be an option in the client that will avoid checking for an update for forms. If you are using a sharepoint list or something along those lines, you can use the option on setting up the data connection to cache data content. Hope this helps some.