How to Handle SmartForms Designer Production Access

  • 5 February 2015
  • 5 replies
  • 1 view
W
Badge +6

Hi all -

 

I have been clamoring for K2 to roll out category security for well over a year now but I have just recently heard that it is not in the next release.  I am starting to wonder if it will ever be released!

 

In the absence of that, I am really hesitant to allow our users to have access to our production K2 SmartForms environment.  Why?  Well, for one, you can delete anyone else's objects in the entire environment.  There is no security whatsoever once you can get to the Designer site.

 

This poses a real challenge for us because we have pushed and want to continue to push K2 SmartForms as the solution for replacing InfoPath in our environment.  Our users have had years of freedom deploying InfoPath forms at will, to our production SharePoint environment.

 

What are others doing that have a similar challenge as us?  Is there a workaround?  Right now, users just can't get to the SmartForms Designer site in production.

 

Brandon

5 replies

A
Userlevel 1
Badge +8

Hi Brandon

 

I have used IIS .NET Authorization Rules to solve this in the past.

 

In IIS select the K2/Designer site and open the NET Authorization Rules. You can then grant and deny user and groups access to the designer site.

A
Userlevel 1
Badge +8

Brandon, it looks like there are some limitations to using groups in Authorization Rules  (Not .NET Authorization Rules as per my previous reply) in 1.0.7.

 

Have a look at the following KB article explaining how to configure, and then the forum article explaining the limitations.

 

Also, if you do use this method, remember to add the K2 service account in (as well as the app pool account), otherwise you might get some strange behaviour.

 

http://help.k2.com/kb001309#

 

http://community.k2.com/t5/K2-blackpearl/Restrict-Access-to-K2-Smartforms-Designer-on-1-0-6/m-p/74147#M21599

W
Badge +6

Hi Andrew -

 

Thanks for your response.  I do currently use authorization rules to PREVENT users from accessing production, but the problem is that users really need access to production!

 

You see, how can I sell this as an InfoPath replacement product when I am unable to let users have the flexibility to design their forms directly on the SharePoint production?  I can't let them have SmartForms production access until I can guarantee a person cannot do damage to forms or objects belonging to other users.

 

I can't be the only employee of a company that has this issue, am I?

 

Does anyone know how the integration with SharePoint 2013 and SmartForms works in regards to permissions?  It looks like when a K2 App is added to a list or library, it automatically provisions SmartForm(s) and/or views which the user can then modify.  Is this done under the SharePoint/K2 service account or under the user's identity?

 

Brandon

 

A
Userlevel 1
Badge +8

HI Brandon

 

I see your issue. I have typically only worked in situations where certain people (admins) have access to the production environment designer, and all development work is done on a dev server. If you are wanting people to develop in the production environment then I can see how category permissions would solve your issue. One idea would would be to identify those business users who need to develop forms and then get them to do some basic training before they are granted access to the designer. You can also create backups of forms using P&D in case users do "inadvertently" delete forms. Not sure there is a lot more you can do at this point. 

 

I know that Kimberly-Clarke, who are big K2 users, also allow users to develop forms on their production system, so there are other businesses who have faced this challenge.

 

http://www.k2.com/customers/kimberly-clark

 

W
Badge +6

For the SP 2013 integration with SmartForms, how are permissions handled?   Is it the user or the SharePoint service user who is required to have K2 SmartForms access?

Reply


View our Community Site Map

Nintex Community Sitemap
Terms & ConditionsCookie settings