Microsoft InfoPath 2010
The official blog of the Microsoft InfoPath team

Understanding the InfoPath SP1 Deployment and Security Model – An Introduction

Understanding the InfoPath SP1 Deployment and Security Model – An Introduction

  • Comments 3

A common question that was asked when people started using the initial InfoPath release was, “How can I distribute a form template to other people through email?”  In InfoPath V1, this was difficult because once you saved or published a form template to a location, it was ‘sited’ to that location.  If it was moved from that location, it would not open in the InfoPath Editor. 

In the InfoPath Service Pack 1 release, it is now possible for form templates to be opened from locations other than their published location.  There is also a ‘Send Form as Attachment’ option under the File menu which attaches your form template to an Outlook mail message for distribution.  However, for security reasons, there are still limitations on what kinds of form templates can be opened and from what locations.  The following is a guide to understanding the InfoPath SP1 Deployment and Security Model:

Form Template Security Level

Each Form Template made in InfoPath SP1 has one of three security levels specified; Restricted, Domain, or Full Trust.  This setting is determined automatically by default, but can be set manually, if desired. 

NOTE:  To access this setting in the Designer, navigate to Tools | Form Options à Security Tab. 

Restricted – The form template does not allow any access outside of the form  

Domain – The form template allows access outside of the form, but only within the domain of the form template

Full Trust – The form template can access files and settings on the local computer

The Full Trust security level can only be set manually by the user for installed templates or certificate-signed templates.  The maximum trust level that can be set automatically by InfoPath is Domain.

All new blank form templates (except for Managed Code solutions) start out at the Restricted security level.  As you build the form, adding any of the following will automatically raise the security level to Domain:

  • Task Pane
  • Script
  • ADO Query or Submit Adapter
  • Web Service Query or Submit Adapter
  • SharePoint Query or Submit Adapter
  • Query to linked XML file
  • HTTP Submit
  • ActiveX Control
  • Roles
  • DLL Resource File
  • HWS
  • Rule that opens a new document 

Opening the Form Templates in the InfoPath SP1 Editor

The reason to make a distinction between Restricted and Domain security was to allow for form templates without script or data connections to be opened from anywhere.  Therefore, email deployment of restricted form templates in SP1 is easy, just send out the form template and it can be opened either from the Outlook mail itself or from wherever the recipient saves it. 

With Domain form templates, some of the same security restrictions from v1 still exist, but SP1 allows for some added functionality.  Domain form templates still require that they be opened from their published location.  However, by using the Send Form as Attachment option in the file menu, a Domain form template can be mailed out as an attachment.  This attachment, when received and opened, functions as a link to the actual published location.  The form template at that publish location is what actually gets opened in the InfoPath Editor, not the one that was clicked on.  At that point as well, the published form template is copied locally and will appear as a selection in the Fill Out a Form dialog every time you launch InfoPath.

Future Considerations

This posting is meant as an introduction and does not cover all aspects of Deployment and Security.  If there are any specific questions, please respond via feedback to this article and I will follow up with further entries that will address more specific functionalities and scenarios.

Leave a Comment
  • Please add 4 and 2 and type the answer here:
  • Post
  • In v1, I create a msi file so that the Infopath form can be installed locally with full trust, in locations that have only email connect to the Internet. The completed Ifopath form gets emailed to the SQL Server where it gets bulk loaded into the tables.
    Then managers in the main office access the data on the SQL Server using Infopath forms.
    Will sp1 break any of this?
Page 1 of 1 (3 items)