Good morning all, I seem to be missing some configuration or methodology with permissions and Form Libraries.
I know domain users need rights to Read from the data conneciton library, but people should not have access to view the tasks that build up in these Form Libraries. Part of the problem is they can click on the xml in there and view the task (which contains info such as an expense request that obviously shouldn't be viewed by anyone.)
I've removed the All Items view from said Forms Lib., so when someone goes to http://eprocess/acct/Expense%20Request/Forms/MyItems.aspx, they only see their entries if they have any. If they try and click any other links to get to a list or other doc/forms lib, they get the Access Denied splash page....However, if they actually type in ..../allitems.aspx at the end of that, they can see the All Items view.
How can you truly lock this down for the average user while still allowing anyone to be able to submit a form?
Many thanks!