Symptoms

 We use InfoPath integrated workflows. We have to give users full control to the InfoPath library to launch the form. When workflows are in flight, an entry appears in the InfoPath library, which all users can see. Some of our workflows have sensitive information in them. Is there a way to secure these InfoPath libraries so that users can still launch a form, but not see it in flight?
 

Diagnoses

K2 InfoPath integration will only create the temporary files if you are using InfoPath form services. If you want to avoid having the temporary files created you should use the InfoPath thick client option for the tasks. In the thick client mode the XML is delivered directly to the user over the network who opens the task and no temporary copy is stored in SharePoint. When Form services is used and the form has to be opened in the browser, K2 will need to store the XML temporarily until the task has been actioned.

 

Resolution

A suggestion is to change the view on the library to hide any files that were created by the K2 Service account as this account will always be the one creating the temporary files. Then lock down the ability to change views.