Submit Form to a Secure Location

Forms and security. It is a common requirement to have a form that can be filled out, and when it is submitted, it goes to a location that the form submitter does not have access to. This is tricky because the users need to have contribute access to a list or library in order to create new items in it, but then if they can do that, they can access everything else in the library. There are many variations of this requirement, but in this post, I’ll show how it can be done in a pretty simple way.

General overview: This concept can be done with either a list item or a library. (I’ll just use the term “list” in this overview, just to get the general point across). Create a content type. Create two lists. Add the content type to both lists. List A “New Items” items can be created by anyone on the site, and List B “Locked List” is locked down so that only managers have permissions to access it. When new items are created in “New Items”, a SharePoint Designer workflow runs an impersonation step that copies that item over to the “Locked List”, and then deletes it from the original list.

This solution can be done out of the box with SharePoint 2010 (any version), and SharePoint Online with Office 365.

Since InfoPath is the most common thing that I use to create forms, and I get asked about this a lot, I’m going to use an InfoPath form in my example here.

  1. If you don’t already have a document library on your site called “Form Templates”, go ahead and create it.
  2. When you publish your form to SharePoint, instead of publishing it directly to a form library, publish it as a content type. Note that if your form has been published as an administrative template, that’s fine too, but just less common. Click Next.
  3. Choose Create a new Content Type, and click Next.
  4. Name your content type, with whatever the name of the form is. Mine is a Check Request. Click Next.
  5. On the screen where you specify a location for the form template, click Browse. Select the Form Templates library on your site, and give your form a name. I called mine CheckRequest.xsn. Click Next.
  6. Pick your fields that you want to be columns, and click Next. Click Publish. Click Close.
  7. Create two new form libraries. “New Check Requests” and “Locked Check Requests”.
  8. Go to the Library Settings screen of New Check Requests, and click Advanced Settings.
  9. Change Allow Management of Content Types to YES. Click OK.
  10. On the Form Library Settings screen, click Add from existing site content types.
  11. Click Check Request (or the name of your own content type from step 4) and click the Add button to move it to the right side. Click OK.
  12. Click the “Form” content type, and click Delete this content type.
  13. Go to the Library settings screen of Locked Check Requests. Repeat steps 8 through 12.
  14. In your InfoPath form, make sure that the Submit data connection is set up to submit the forms to the New Check Requests library.
  15. Open your site in SharePoint Designer, and create a new workflow based on the New Check Requests library.
  16. Name the workflow New Check Request, and click OK.
  17. Put your cursor underneath the Step 1 box, and click the Impersonation Step button in the ribbon, so your screen will look like this:
  18. Delete Step 1. Put your cursor inside of the Impersonation step and add the action called Copy List Item. Then add the action Delete Item below it.
  19. Set up the copy so that it copies from the current list over to the Locked Check Requests. Then make it delete the current item. Like this:
  20. Click Workflow Settings in the ribbon. Under start options, only put a check box next to Start workflow automatically when an item is created.
  21. Publish the workflow.

Okay, it’s done now. The key here is that the permissions will be set up as so:

  • People who need to be able to fill out the form: Give them Contribute permissions on the New Check Requests Library. Do not give them permissions on the Locked Check Requests library at all.
  • People who need to be able to access the whole list of forms that have been submitted: If they need to be able to modify the forms that have been submitted, give them Contribute access to the Locked Check Requests library. If you only want them to be able to see the submitted items and not change them, just give them read access.
  • The key here is that when the workflow copies items over from one list to another, it uses the login of the person who published the workflow. The best practice for workflows with impersonation steps is to publish the workflow as the SharePoint admin account, and not someone’s personal account. You know, just in case. You wouldn’t want someone to leave the company and then none of the workflows function anymore, right?
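
One way to check that the permissions above actually hold on a live site, as an added example that is not part of the original post. It assumes the SharePoint 2010 Management Shell on a farm server; the site URL, the test account and the 15-minute threshold are placeholders, and the library names are the ones used in the steps above.

```powershell
# Added example: audit the two-library setup from this post.
# $SiteUrl, $Submitter and $MaxAgeMin are placeholders (assumptions), not values from the post.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SiteUrl   = "http://sharepoint.example.com/sites/finance"   # placeholder
$Submitter = "EXAMPLE\form.submitter"                        # placeholder test account
$MaxAgeMin = 15   # older items in the drop-off library mean the workflow did not run

$web = Get-SPWeb $SiteUrl
try {
    # EnsureUser adds the account to the site's user list if it is not there yet.
    $user   = $web.EnsureUser($Submitter)
    $newLib = $web.Lists["New Check Requests"]
    $locked = $web.Lists["Locked Check Requests"]
    $perm   = [Microsoft.SharePoint.SPBasePermissions]

    # 1. The locked library must not inherit from the site, or site members get in.
    if (-not $locked.HasUniqueRoleAssignments) {
        Write-Warning "Locked Check Requests still inherits permissions from the site."
    }

    # 2. The submitter can add to the drop-off library but cannot view the locked one.
    if (-not $newLib.DoesUserHavePermissions($user, $perm::AddListItems)) {
        Write-Warning "$Submitter cannot add items to New Check Requests."
    }
    if ($locked.DoesUserHavePermissions($user, $perm::ViewListItems)) {
        Write-Warning "$Submitter can view items in Locked Check Requests."
    }

    # 3. List who does have access to the locked library, for review.
    foreach ($ra in $locked.RoleAssignments) {
        $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
        Write-Output ("Locked library access: {0} -> {1}" -f $ra.Member.Name, $roles)
    }

    # 4. Anything left in the drop-off library is readable by every submitter.
    $cutoff = (Get-Date).AddMinutes(-$MaxAgeMin)
    foreach ($item in $newLib.Items) {
        if ([datetime]$item["Created"] -lt $cutoff) {
            Write-Warning ("Not moved by workflow: {0} (created {1})" -f $item.Name, $item["Created"])
        }
    }
}
finally {
    $web.Dispose()
}
```

Check 4 matters because a failed or suspended workflow leaves the form sitting in the library that every submitter can read.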

Again, to reiterate…. This is just the most simple way to accomplish this goal. Of course, with impersonation steps in a workflow, you could change permission on each individual item in the list or library via workflow. It just gets kinda messy and hard to manage when you start delving into individual item permissions. The method in this blog post is simple because the permissions are set at the library level.

Keep in mind that with some list types in SharePoint, such as a custom list, there is a setting in advanced settings that you can use. Unfortunately, this setting just doesn’t exist in libraries.

Note: If people will be modifying the submitted forms after they have been moved to the Locked Check Requests Library, there is one more important consideration… the submit data connection. You’ll have to create another submit data connection that submits to Locked Check Requests, because you probably don’t want to have a bunch of duplicate files. There just needs to be a condition that looks to see if this is a form that has already been initially submitted. So, for example, you can create a field called “FormStatus”. When the submit button is clicked, add an action to set a field’s value, where you set the FormStatus to submitted. That way, you can create a condition so that if a form has already been submitted initially, then it gets submitted to the Locked Check Requests.




  • Laura,

    Once again, you have provided some great insight into OOTB functionality of SP, SP Designer, and IP. Thank you!

    I am wondering, however, if there is a way that I can integrate save as draft functionality with this workflow to save to a secure location.

    In another blog, you described a way for users to submit a form as a draft by using the FormStatus field. This was a great way to allow users to save their forms.

    I want users to see only their drafts on SP. I can use the relevant documents web part to accomplish this task; however, any other document the user submitted to the site will appear in this web part.

    If I use the above workflow to copy “submitted” drafts to a “restricted” library, will the user be able to see/edit/view the file in the “restricted” library through the relevant documents web part?

  • Laura,

    Thanks for the great article. Is there a way for the submitted to locked library to run after the form passes through a couple of other steps (ie. Draft, Review, Approved, Final), only move to the locked library after it reaches the Approved step?

  • Isaiah,
    In this solution, the users would not have contribute rights to the library, because that’s the common requirement that I was going by. If you want them to be able to edit them after submitting, you may want to use an impersonation step to just change the permissions on each item when it’s created, so you can just give the “created by” person access to edit it, and everyone else just “read”, or whatever you want to do.

    Yes, just create a field called “status”, and create a condition in the workflow so that it only moves the file IF status is equal to FINAL (or however you want to do it).

  • Is there a way to do this without SharePoint Designer?

  • Hi Pete,
    Not using this method, no, unless you have a 3rd party workflow tool that can also do impersonation or assign permissions. You can do something similar and avoid SPD altogether, but you wouldn’t have true file security. You could set up a view in the form that basically says “you don’t have access to this form”. Use a separate SharePoint list to put people in who DO have access to it, and pull that list in via data connection, and check that the logged in user is in that list. If they’re not, then you send them to that view.

  • Hi Laura,
    Can you please provide a post on document sets and how an InfoPath form can be submitted to a document set? Also can a new document set form be edited using InfoPath to incorporate some business rules? I’m developing case management solution where each case will have lots of documents attached. Document Set feature within SharePoint 2010 seems to be a good fit, but there are also complex forms that end user would have to use for each case, so InfoPath would be great for the form part. I’m having trouble with InfoPath and Document Set working together exchanging information and submission part.

  • Julia,
    I do not know how that would be accomplished. Maybe a 3rd party workflow tool?

  • Hi, can you have the same results in SP 2007? We have a HR department wanting lots of InfoPath forms but currently I am refusing because each submitter has contribute access to the destination library……

  • In SP 2007 … I have got to the point where I get the workflow to work if I submit a form as system account.

    If I am logged on as a random user the form submits but the workflow fails to copy the item across to the locked form library.

    So as you say it’s best to have the workflow run with system account authentication. How do I do that in SP 2007? There seems to be no option for impersonation… or am I wrong?

  • Hi Laura,
    This has been very helpful. I wonder if you have come across the following issue.
    My InfoPath form submit button saves the form to the submitted library as concat(“Expense Report – “, DisplayName, ” “, now()) and then, so that my users won’t be prompted to save the form again, (it prompts to save as formXX.xsn when I close the form) I have also added the “Close the Form” action to the submit button.
    This creates the form in the library and then closes the form, but this workflow doesn’t run as expected any more. I still receive the approval workflow email but the approval metadata column does not show “In progress”. It is blank. I can go into the running workflow and approve it, but again the workflow metadata column is not updated and the form is not copied to the completed library.
    If I remove the close form action from the submit button, everything starts working again. I thought that once the item was created in the submitted library that closing the form would have no effect, but I am wrong.
    Am I doing something wrong?

  • @Pete Murphy
    It’s possible to do this by developing an event receiver.
    That’s an option I chose.

    For all automated actions, you always have the choice doing it by a workflow that is started on each change on the element or an event receiver, doing exactly the same.


  • Hi Laura,
    Thank you for the excellent information. Is there a way to move the form across site collections? We have a “public” site where I’d like to host the initial form submission and have that form then move automatically to a “private” site in another site collection.


  • Jar,
    There is no option for impersonation in SP 2007.

    Why would you be prompting users to save the form? Just use the submit data connection (submit and close actions) and disable all of the save and save as functionality (in advanced form options). I think you’re doing a whole bunch of stuff wrong unfortunately. Have you bought my InfoPath book? I wrote a whole chapter on that submit and publish functionality. No, I’m not saying that to try and get your money, I’m saying it because it would be beneficial for you to really understand the whole process and how it’s supposed to work.

    No, there is not a way to move it across site collections, unless you had a bunch of 3rd party tools or custom code involved.

  • Lara,

    I am having an issue where I have a client in China that is using UAG to access their IP forms and they are able to open the form in filler and then when they try to submit the form there is a breakdown and errors occur. Can I set permissions to not time out on the filler form or create a web based form to overcome the firewall and UAG. Any help would be greatly appreciated.

  • Hi Laura,

    I bought your book “Step by Step Using Microsoft InfoPath 2010 with Microsoft SharePoint 2010”. It is a great resource! In chapter 13 you provide excellent information on setting up a Help Desk Request InfoPath form.

    You showed how to use a webpart so users can see only their items and update them as needed, but unfortunately users can also browse to the forms library and see everyone else’s requests. In addition, users can also set alerts so that when new requests come in from other people, they can see those as well.

    I’d like to set this up so that users can’t set alerts on requests and can’t browse to the form library to see other people’s requests, but they should be able to see their own active requests and update them as needed.

    The Impersonation Step works well for part of the requirements, but I’m not sure how to allow users to see and update only their own requests (via the “My Active Requests” webpart as described in your book) after the form moves into the “Locked Down” library as described in this blog.

    Thank you in advance,


  • Catheryn, Sorry I do not have experience in that particular error / issue.

    You can create a permission level that disallows them from creating alerts and/or personal views. You can also make the default view in the library “my forms” so they only see their own, and don’t put any other views in there. Then, create a library just for your “admin” views. Each ASPX page in the library has a view of all items of a form library, and set permissions on that ASPX page to those people who need to be able to see all the forms.

  • I have scenario where the user wants to open an existing Infopath form, (which has a field named ‘Title’ as its file name) and change the Title field and submit.

    This action creates a new Infopath form, with the new name, in addition to the existing one, in the Sharepoint site. The user has to manually delete the old one and we had to insist every user to perform this, when required.

    Is there a way to update the file name of the existing form and save changes to the existing one? (Basically it’s renaming the file name of the form.) Any help on this is very much appreciated.

  • @vinhotOO1 is my Twitter id.. Please provide your views on the issue I just raised.

  • Hi Vinodh,
    I wrote a whole chapter in my InfoPath 2010 Step by Step book, explaining this whole publishing and submitting process, and best practices. It’s chapter 9. Sorry, but it’s too much info for a blog post, but it will answer this question, and others you have asked on other blog posts in here. 😀

  • It’s 3 years after the initial post, but this has saved me a MASSIVE headache. Just wanted to say thank you so much for putting it together, in such a clean way. Excellent Job. I cannot explain how helpful this is.

  • Awesome, that’s good to hear, Stephen!
