Home » sharepoint » sharepoint_1 » Implementing a Policy of Only Publishing to SharePoint InfoPath 2010 Forms with Administrator Approval is a Sensible Security Procedure

Implementing a Policy of Only Publishing to SharePoint InfoPath 2010 Forms with Administrator Approval is a Sensible Security Procedure

For enterprise IT organizations planning an implementation of InfoPath 2010 for forms development, it makes sense to design an administrator approval process. The objective of this approval process would be to ensure that only approved forms are published to SharePoint 2010. Taking this step contributes to the security of SharePoint sites, especially when computer based subversive efforts, along with an increasing frequency of similar activity originating from mobile devices are kept in mine.

We offer a video tutorial on this subject, Working with Administrator approved InfoPath form templates. As Asif Rehmani, our instructor for this entire series demonstrates, the InfoPath 2010 Publishing Wizard, itself, offers some security features of its own: ” . . if [we] had code behind in [our form] or if this form were mobile enabled . . . then the first two [publishing] options, Form Library, or Site Content Type, would not have been enabled at all.” In fact, InfoPath 2010 will automatically prohibit access to either of these two publishing options by removing them from the publishing dialogue.

The publishing option that Asif Rehmani selects, “Administrator-Approved”, merely saves the form to either a file share, or somewhere locally (though a file share is preferred for ease of access by an administrator). We also point out that the intended SharePoint location for the form must also be included in order to properly complete the publishing dialog. We also include a demonstration of the steps that an administrator will have to take to review a form and determine suitability of approving it:

  1. an administrator accesses the “Central Administration” screen in SharePoint
  2. then the administrator accesses “General Application Settings”
  3. and clicks on the “Manage Form Templates” link below “InfoPath Form Services”
  4. uploads the form template that has been submitted for approval to this list
  5. clicks on the “Verify” button to task the system with a review of the form to determine any/all errors
  6. and, then completes the upload

Once published to the “InfoPath Form Services” the form template will have to be activated, by the administrator, for a specific Site Collection. We instruct the viewer that this activation can be accomplished in a couple of different ways. The first method includes a right mouse click on the listing for the specific form, clicking on the “Activate to a Site Collection” and then specifying the Site Collection. The second method includes having a site collection administrator selecting “Site Collection Features” from the “Site Settings” menu, which is accessible from the “Site Actions” within the top site of the site collection. The specific form which has been uploaded should show up in this “Site Collection Features” list as simply another feature. The site collection administrator can opt to activate the form from this list of features.

We demonstrate how the form approval process renders the form into a “content type” which is then accessible throughout the site collection.

If you would like to learn more about this type of procedure and, globally, about methods of successfully implementing InfoPath 2010 as an enterprise form publishing method, please do not hesitate to contact us. Please contact us at (630) 786-7026, or Contact Us to further a discussion about this offer. Of course we are happy to speak about your SharePoint development plans, as well.

As ever, use this link to place an order for an annual subscription to SharePoint-Videos instructional content

© Rehmani Consulting Inc, all rights reserved