In this article
Overview of user roles
A user role is a predefined category that can be assigned to users on the basis of their job title or some other criteria. Roles are typically used to present customized versions, or views, of a form template to different types of users. You can streamline your business processes and optimize data gathering by adding user roles to your form template to control what users can see when they open a form that is based on your form template. For example, imagine that you are designing the form template for a permit application whose forms will be used by the following types of users:
Electrical contractors who need to apply for a permit
Receiving agents who verify that the contractors' applications contain the necessary information
Administrators who review the submitted permit applications for approval
Instead of designing three form templates for each type of user and managing the data from all of those forms, you can design one form template whose forms collect all of the data and add a user role for each type of user. The user role determines what data is displayed through customized views that are based on each type of user.
Security Note: User roles should not be used to restrict access to sensitive data in a form. Even if you make a form template read-only or hide certain controls that are based on user roles, users can potentially use a text-editing program such as Microsoft Notepad to view or modify the form template (.xsn) file and access that data.
Scenarios for using user roles
There are many scenarios where user roles are a benefit to your users. For example, with user roles, you can:
Show a unique view for each user role You can design a form template so that different views of that form template are displayed, depending on who is filling out the form. For example, you can design a view for electrical contractors who are applying for a permit, a view for agents who receive the permit applications, and a view for the administrators who review all of the information. Each view displays only the data that is appropriate for each user role.
Show a different section for each user role You can design a form template that will display different sections, depending on who is filling out the form. For example, a section in an expense reporting form template that applies only to employees can be displayed when an employee opens the form. Another section that applies only to managers who are approving the expense report can be displayed when a manager opens the form.
Set data validation for a field that is based on each user role You can design a form template so that different data validation is applied to a control that is bound to a specific field, depending on the user role of the person who is filling out the form. For example, you can set the maximum expense value for a manager at one limit and set the maximum value for the same text box higher for an administrator. If a manager fills out the form and exceeds the amount, a dialog box appears. If an administrator fills out the form, the text box will accept a value that would otherwise be rejected if a manager filled out the form.
Submit form data to an external data source that is based on each user role For example, you can design your form template so that electrical contractors who need to apply for a permit can submit their completed forms only to a Web service, and receiving agents can submit their forms only to a SQL database. Administrators can submit their form data to a database and in an e-mail message if the application has been approved, or they can submit their form data to just a database if the application has been rejected.
Creating and assigning user roles
When you create a new user role, you can assign users to it in the following ways:
By specifying user names from a Microsoft Active Directory directory service (for example, "sales\andrew"). To specify a user name in an Active Directory directory service, the form template must be created in and published to a Microsoft Windows network that uses Active Directory.
By specifying groups from an Active Directory directory service. For example, you can specify an e-mail distribution list that contains the names of all of the members of the marketing team. To specify a group in an Active Directory directory service, the form template must be created in and published to a Microsoft Windows network that uses Active Directory.
By specifying a value that comes directly from a field in the form. The field may get data from Active Directory, or the user can enter data into a control that is bound to this field. For example, if your form template contains an Administrator text box, you can associate a particular user role with the field to which that text box is bound.
After you add a user role, you can set it as one of the following:
Default role Users who are not assigned to an existing user role are automatically assigned to the user role that is specified as the default role. The default role is also used for users who are part of a group but who are working offline. One user role is always set as the default.
Initiator role If you want to apply a particular user role to users who open your form for the first time, you can specify an initiator role. For example, you can define an initiator role named "Contractor" that applies to users who fill out new permit application forms. A user who is assigned to a different user role is automatically reassigned to the contractor role when he or she opens a new permit application form. However, the next time that user opens the same form, Microsoft Office InfoPath uses the person's assigned user role instead of the initiator role.
If you have assigned roles to users that are based on any combination of user names, groups, or values from a field, when a user opens a form that is based on your form template, InfoPath determines the role to assign to that user by using the following order:
The user's name is a value of a field in the form template.
The user's name is in Active Directory.
The user is a member of an Active Directory group.
Note: If the user is a member of several groups and you are assigning user roles that are based on a group, InfoPath checks the member list of each group in the order that the group is listed in the Manage User Roles dialog box. For example, if the user is a member of both the receiving agent group and the administrator group, and the administrator group is listed before the receiving agent group, the user will be assigned the user role for the administrator group.
If none of the above are true, the default role is used.
After you define the user roles for your form template, you can set up a rule that automatically switches views on the basis of the user's role. For example, you can create a manager user role and then create a rule to automatically switch to the manager view when a user who is assigned to the manager role opens the form. Alternatively, you can create the rule first and then define the user roles as part of the process of creating the rule.
You can also vary a control's behavior on the basis of a user role. For example, you can enable a control only for a specific user role, while other user roles can see the data in the control, but they can not modify it. The ability to restrict who can enter data into a control based on user roles is one way to ensure that the data entered into a control comes from a legitimate source. For example, you can have an Approval check box in an permit application form template that only members of the administrator user role can select, indicating that the permit has been approved. Users assigned to any other user roles, such as contractors who submit the applications, will only see the check box, but will not be able to select or clear it.