I needed to meet a security requirement for an InfoPath form today. In this business situation, a relatively small number of individuals are allowed to create a new InfoPath form and a much wider audience are allowed to edit it. (Hoc est novum conducere in-boarding forma per Humanum ipsum quod movet workflow).
Ad occursum rei, Ego creavit creata duo novum licentia campester ("Creare et update" et "update tantum"), fregit hereditatem forma bibliotheca et assignari permissions ad "creare, update" user et separata "update tantum" User. The mechanics all worked, but it turned out to be a little more involving than I expected. (Si tibi paulo tremulas in SharePoint permissions, reprehendo ex hoc blog post). The required security configuration for the permission level was not the obvious set of granular permissions. To create an update-only permission level for an InfoPath form, Fecit sequenti:
- Novum licentia gradu.
- Purgare omnes bene.
- Lego tantum sequenti a "List permissions":
- Creare Items
- Considerabit Items
- Considerabit Application Pages
Eligendo haec bene permittit user ad update a forma, sed non creare.
The trick was to enable the "View Application Pages". There isn’t any verbage on the permission level that indicates that’s required for update-only InfoPath forms, sed vertit ex est.
Create-and-Update was even stranger. I followed the same steps, 1 per 3 above. I had to specifically add a "Site Permission" bene: "Use client integration features". Iterum, descriptio ibi non videtur sicut debet requiritur ad InfoPath forma, sed ibi est.
</finem>