Hi all,
Wanted to ask about K2 smartforms security...
I am working on a sensative form, that once has been submitted, only a Manager should be able to edit afterwards.
In the email sent to the manager, i send a link to the completed form using form parameter passing i.e. myform/?FormID=5 for example
However, i just tried the link using a logged standard user (who is not a manager) and has no connection with the form, and just put URL is with the myform/?FormID=5 and it loaded up....
How can i ensure that only a designated manager/Manager group only access the completed form and that no Tom, **bleep** or Harry can access it...
Also, changing the FormID number to any other number also allows access to it...
For this form to pass, i must have the following to be 100%
1) ANYONE can access and complete the Form
2) ONLY the Manager/Manager group can access the completed form via the link ending in FormID=xxx
I assumed this would be default security, but it obviously isn't...
Can anyone advise please?
Thanks as anyways