Question

Is it possible to have security so that anyone can fill out a form, but only a small number of people can see the underlying list? We are implementing a form that can contain sensitive information, and as such only those who need to should be able to view the list.

Solution

For some simple instances, you can use the settings under the Item-Level Permissions section, which is found on the list settings' Advanced Settings page. Here you can set the list to only allow users to View and Edit their own items. Users involved in workflows to approve/edit other users' items would need to have Manage List Permissions.
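
The Item-Level Permissions setting described in the answer above can also be applied and checked from the SharePoint Management Shell. This is an added example, not part of the original answer; it assumes SharePoint 2010 or later on a farm server, and the site URL and list title are placeholders.

```powershell
# Added example. Assumes the SharePoint 2010+ Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Apply "read/edit only their own items" to one list.
function Set-OwnItemsOnly {
    param([string]$WebUrl, [string]$ListTitle)
    $web = Get-SPWeb $WebUrl
    try {
        $list = $web.Lists.TryGetList($ListTitle)
        if ($null -eq $list) { throw "List '$ListTitle' not found in $WebUrl" }
        $list.ReadSecurity  = 2   # 1 = read all items, 2 = read only items the user created
        $list.WriteSecurity = 2   # 1 = edit all items, 2 = edit only own items, 4 = none
        $list.Update()
    } finally { $web.Dispose() }
}

# Report the item-level settings of every visible list in a site, so that
# intake lists still left at ReadSecurity = 1 (everyone reads everything) stand out.
function Get-ItemLevelSettings {
    param([string]$WebUrl)
    $web = Get-SPWeb $WebUrl
    try {
        $web.Lists | Where-Object { -not $_.Hidden } | ForEach-Object {
            New-Object PSObject -Property @{
                List              = $_.Title
                ReadSecurity      = $_.ReadSecurity
                WriteSecurity     = $_.WriteSecurity
                UniquePermissions = $_.HasUniqueRoleAssignments
            }
        }
    } finally { $web.Dispose() }
}

# Placeholder values: replace with your own site and list.
Set-OwnItemsOnly -WebUrl "http://sharepoint.example/sites/intake" -ListTitle "Sensitive Requests"
Get-ItemLevelSettings -WebUrl "http://sharepoint.example/sites/intake" |
    Sort-Object List | Format-Table List, ReadSecurity, WriteSecurity, UniquePermissions -AutoSize
```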

OTHER TIPS

This is one of the hairy areas with SharePoint and typically requires you to use mirror lists and elevated workflows to pull it off. Users need to have the ability to add items to a list and therefore it gives them read permissions. You can try to obscure it as much as possible, but you still run the risk of a security breach by security through obscurity.

In 2010, you can run workflows with impersonation, so that most users won't have access to the list with all the sensitive data. The intake list would allow users to fill out the form, which impersonates an elevated user account and creates an item in the sensitive list.

An important key is to create a lookup column to tie the two items together, so that you can write data back to the intake item to show status indicators for the user based on the processing of the item created in the sensitive list.

I've done this in 2007 with Nintex workflows executing web service calls to create new list items, so if you're on that version, there's a possibility since impersonation workflows don't exist (presumably without custom code).

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange