My team is recreating InfoPath forms in Nintex O365 and we have a requirement to restrict the approval sections to members of SharePoint Groups. However, the business relies heavily upon security enabled distribution lists, and I'm finding that adding the dlist to the permission group is not working with the form fn-IsMemberOfGroup check. Is this a known limitation? Is there a work around?
Best answer by Jake
View original
+13
Hi @MichelleS
I don't believe distribution lists report members into Sharepoint groups via the API as their members list is held in Azure AD, the Sharepoint is able make that 2 way call to expand membership but we don't have that ability for client side rendering.
A big part of migrating away from InfoPath involves understanding that the one form solution that it forces isn't always the best as form rules are really not 'secure' in any way, with form rules I could just create a grid edit view of the list and change the approval field on the list level and the form couldn't stop me.
A much better approach would be to break the form into Submission and tasks, That way the workflow can create tasks for members of the Sharepoint group and distribution list, those tasks will have individual permissions to the person completing the approval so only they can complete it.
Another approach to this if the one form solution is a must, you could create a workflow that runs on a schedule that takes the members of the distribution list and places them into the Sharepoint group, that way you no longer need to reference the DL just the Sharepoint group.
Hope this helps
Jake
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.