In the InfoPath Service Pack 1 release, it is now possible for form templates to be opened from locations other than their published location. There is also a ‘Send Form as Attachment’ option under the File menu which attaches your form template to an Outlook mail message for distribution. However, for security reasons, there are still limitations on what kinds of form templates can be opened and from what locations. The following is a guide to understanding the InfoPath SP1 Deployment and Security Model:
Form Template Security Level
Each Form Template made in InfoPath SP1 has one of three security levels specified; Restricted, Domain, or Full Trust. This setting is determined automatically by default, but can be set manually, if desired.
NOTE: To access this setting in the Designer, navigate to Tools | Form Options à Security Tab.
Restricted – The form template does not allow any access outside of the form
Domain – The form template allows access outside of the form, but only within the domain of the form template
Full Trust – The form template can access files and settings on the local computer
The Full Trust security level can only be set manually by the user for installed templates or certificate-signed templates. The maximum trust level that can be set automatically by InfoPath is Domain.
All new blank form templates (except for Managed Code solutions) start out at the Restricted security level. As you build the form, adding any of the following will automatically raise the security level to Domain:
Opening the Form Templates in the InfoPath SP1 Editor
The reason to make a distinction between Restricted and Domain security was to allow for form templates without script or data connections to be opened from anywhere. Therefore, email deployment of restricted form templates in SP1 is easy, just send out the form template and it can be opened either from the Outlook mail itself or from wherever the recipient saves it.
With Domain form templates, some of the same security restrictions from v1 still exist, but SP1 allows for some added functionality. Domain form templates still require that they be opened from their published location. However, by using the Send Form as Attachment option in the file menu, a Domain form template can be mailed out as an attachment. This attachment, when received and opened, functions as a link to the actual published location. The form template at that publish location is what actually gets opened in the InfoPath Editor, not the one that was clicked on. At that point as well, the published form template is copied locally and will appear as a selection in the Fill Out a Form dialog every time you launch InfoPath.
This posting is meant as an introduction and does not cover all aspects of Deployment and Security. If there are any specific questions, please respond via feedback to this article and I will follow up with further entries that will address more specific functionalities and scenarios.