Wednesday, February 16, 2011

InfoPath Form Security Checklist / Flowchart

The following graphic should help most of you prevent many security issues with your InfoPath forms.  To be fair, one particular piece of functionality requires a codeplex addon called "SPDActivities" that you may have to convince your SharePoint manager to implement (if he/she hasn't already) or else you would be in SP 2010 and use the impersonation step.  These are the pre-requisites to this chart:
  1. Create the following permission levels -
    • Audit - Copy read and add the ability to "View Usage Data", "Manage Personal Views", and "Enumerate Permissions"...this permission is used for directors and auditors to see everything and do some reporting.
    • Restricted Contribute - Copy contribute and remove the ability to "Delete Items" and "Delete Versions" and "Manage Personal Views"...this is used for users who have to edit an infopath form and, with versioning turned on for the library, they can't delete the original version of the form.
    • Add Only - Copy Read and add the ability to "Add Items"...this is used for users who have to submit a form and need no subsequent access to it (or you want to secure it at that point)
  2. Anonymous Users = users who don't login
  3. Always remember that those with Contribute permissions can easily switch to Explorer view or the Merge/Repair pages to view every form in your library...so, try not to ever give anyone contribute.
  4. A couple of these things will appear redundant - it's to doubly make sure you do them :)

Wednesday, February 2, 2011

Invalid or missing properties when saving an Office document

Sometimes you try to save an office document in SharePoint and it decides that it is missing some properties in something called the 'Document Information Panel'. This panel appears at the top of the Office client (Word, Excel, PowerPoint, etc) with the columns you have created within a document library for users to fill out key information ABOUT a document (often called document metadata) so that you can find that document in the future by using those columns.  Here's the thing:  when you see this error about missing or invalid properties - it usually means you filled out something incorrectly or there's something you forgot to fill out...but not in my case.  In my case, I did a bad, bad thing and created a column called DocType.  NEVER EVER CREATE A COLUMN WITH THE NAME OF DOCTYPE!!!!  It will immediately give you an error aftter you create it that it cannot get the ContentTypeID and will never allow you to edit the column again.

So, I decide that I'm going to fix it by just hiding the column. Well, that makes it so that I get the lovely 'invalid or missing properties' error but then there's no property that I can actually fix! I found a post here:  http://www.novolocus.com/2010/05/10/to-save-to-the-server-correct-the-invalid-or-missing-required-properties/ that shows that you can inspect your document within Office to remove Custom XML data and that that should fix the problem...it lets me then save the document. YAY! BUT....then I can't check the document back in.  So, I HAVE to leave DOCTYPE as an optional column and just tell users not to fill it in.  Moral of story - do NOT create a DocType column or you will see the following error messages:

'Object reference not set to an instance of an object.   at Microsoft.SharePoint.ApplicationPages.BasicFieldEditPage.get_ContentTypeId()'

'To save to the server, correct the invalid or missing required properties.'