Not related to permissions per se, but a method I've used to show/hide fields from specific users is to wrap the field in a panel and add a rule on that panel that leverages the userProfileLookup function to hide the panel unless the current user is the person who should see it. You can get fancier if needed, but the formula I've used to hide a control from users unless they were in a specific department is as follows:
userProfileLookup({Common:CurrentUser},"Department")!="1234 - The Security Group"
You would need to know the field (AD attribute) you want to check (Department in my case) but you could check any userProfile property which can be seen in Central Administration within the User Profile Service -> User Properties.
Hope that helps.
I used a formatting rule based on a security group, like below, on the control that I am willing to hide/disable.
not(fn-IsMemberOfGroup("PrjReq Admins"))
What the above statement does is check whether the currently logged-in user is part of the given security group, and hide the control if the user is not part of it. In your case, if the observee is not part of a security group but is any other person field on the form, then you can make a straight comparison of the person field value and the current user value in the rule and get your functionality to work.
Hope that helps!
I took a look at Jaya's idea. It definitely works with the following scenarios in place:
- The users must be in the SharePoint Group (i.e. PrjReq Admins) directly, and not via an Active Directory group.
- The inline function fn-IsMemberOfGroup is only available in the Appearance Expressions on an element of the form, not part of a Rule.
Our environment leverages AD groups within SharePoint Groups for security, and the IsMemberOfGroup can't interrogate AD groups, but I can use the userProfileLookup to compare values of the current user.
I think and have given good answers to this question.
Do you think you have gotten the answer that you need, ?
Hello Jaya Borra,
I think your idea works, but the observee is not part of any SharePoint group. The form belongs to them and they are identified by a field within the form as 'staff initials', so I require the 'staff initials' user to only edit one control and all the other controls to be disabled for them.
, if that is your scenario, I would suggest something like grouping all other controls inside one panel and applying a disable rule to the panel if IsCurrentUser==StaffInitials
Hi Abdullah,
Thank you for your prompt response. Is this the formula for a formatting rule to disable the panel for staff initials?
I just used this formula, fn-IsCurrentUser(Staff Initials), within the Appearance setting as an expression, but it hid the whole panel. I still want it to be shown but disabled if the current user is Staff Initials.
My idea is something like this. The rule is applied to the panel instead. I used a Formatting rule where it gets disabled in Edit Mode.
Thank you for your prompt response. I have applied a rule to the panel; is this correct, how I have set it up? It's the first time I am doing a rule, so I am getting confused. Below is a screenshot of my form and the rule I have applied to the panel, apologies in advance.
I changed the condition within the rule to say currentUser==Staff Initials and I am getting the following error message when editing the form
Any ideas?
Priya Chohan,
This requirement is much simpler to implement than the security group thing; you don't even need to call any function there. On the control, add a formatting rule and in the rule box give this straight: StaffInitials!=CurrentUser, if that control shouldn't be edited by everyone else, or vice versa.
See the screenshot below for reference.
Hi Jaya Borra,
This worked and has disabled the panel for the current user. I tested with someone else's form, so the staff initials are not mine, so when I go to edit someone else's form the panel should not be disabled for me, only for the person whose staff initials are on the form.
Is there a function that does this?
In that case you have to change the condition to ==; notice in the above example I used !=
My condition says: if the logged-in person is not the staff initials for the form, do not allow editing. If your functionality is the opposite, then you just have to reverse the equality comparison.
I hope this helps.
Sorry Jaya Borra, that condition is not working; the staff initials who the form belongs to can still edit the panel. The staff initials is the person who is the current user.
Priya Chohan,
There is a chance you are using list item field values for comparison and testing it before even saving the form. Save it first and check if the user is still able to edit when assigned in the staff initials field. Here I am attaching a sample form where the same requirement is implemented on simple fields; import it on a test list and take a look.
I hope this solves your problem.
Attachment missing, so putting link here instead: XSNFormwith FileMoveCode.zip - Google Drive
I am using a list item field which displays the "staff initials" and that needs to be true (==) to Current User, but it's not liking this at all.
So I am really stuck.
Sorry Jaya, I am not sure how to import your test list; any tips? I am using SharePoint 2013 on-premise, Nintex Forms Version: 2.9.1.20.
I really do appreciate all your help; Thanks