Using InfoPath 2010, SP 2010, stand-alone development VM. Created an IP form that has code behind, published using the "SharePoint Server" publishing method in IP Designer, so that I can deploy it via Cent Admin, which will create a feature for a content type, which I can then add to a Forms library. All works great, code behind and all. I removed inheriting on my Forms library so that I can use a workflow to "Replace Permissions" (using an Impersonation Step), to add custom permissions on each form according to a value set in the form (promoted property). If the promoted field value is "ABC", then replace permissions on the form to allow only ABCGroup access to the form (the ABCGroup is set up with Contribute permission). This way the same library can be used by different orgs who can't see forms created by other orgs - all use the same form template. All this works great.
Here's the issue: Being in dev, I had too much permission being granted to my test account; it was able to leverage off of the "All Authenticated Users" added to a site level group, so I wasn't truly getting a good test of limiting the site to only users I want. I removed that permission and added my test user to a custom site-level group called ABCGroup, with Contribute permissions. Now they can see lists and libraries in the site, and when they create a form in the forms library, it will be saved and the workflow will add their permission to the form (since the library doesn't inherit parent permissions). Logged in as my test user, could get to the site and the forms library, but when I tried to create a form I got "The following location is in a different site collection: ...siteurl...FormServerTemplates/myform.xsn Access to locations on a different site collection is blocked for security reasons." After some checking, I added Read permissions back to the site for this test user, and that "fixed" it. All it did was give read access to the ..../FormServerTemplates library (which inherits from the parent). What am I doing wrong? I don't think I should have to grant all my users Read access to that FormServerTemplates library, should I? I was hoping to be able to add them only to the site-level groups where they belong: ABCGroup, XYXGroup, etc. Now I have to add all those same users to a Read group for the FormServerTemplates library too? I must be doing something wrong in how I deploy or my understanding of using InfoPath with SharePoint (2010).
Thanks for any help,
KevHou