How Strict Should Form and Workflow Access Rules Be?
When you use your form or workflow software to create an electronic form, security should be a chief concern. Some industries are bound by strict regulations, so electronic forms and workflows have to be compliant and well-protected. Even in industries that don’t have to comply with regulations on the level of HIPAA or Sarbanes-Oxley, form and workflow security must be ensured at every stage.
When anyone can access every form, or when anyone can access every field within a form, there is potential for abuse. Suppose an unscrupulous person were filling out an expense reimbursement form. If there’s nothing stopping them from editing the “total” field of the form, it would be all too easy to pad reimbursements and embezzle money. Here’s what you should know about determining access to your online forms and workflows.
Defining Who Has Access to Forms
Some forms or workflows only need to be accessed only by certain users. Your field technicians and their managers, for example, are the only ones who should be allowed to access mobile forms detailing service calls. If only a handful of people should have access, you can set the default access for the form as “disabled” or “hidden,” and then create a list of exceptions for the people who are allowed to use the form.
Likewise, if you run an e-commerce business and offer a customer satisfaction survey, you only want customers, and not customer service staff, to be able to access those forms and input data.
Defining Which Fields Allow Access
Many situations will arise when a form is used by a large number of people, yet you may not want them to be able to access every field or otherwise advance the workflow. If you have dozens or hundreds of people with access to a purchase order workflow, they will need access to certain fields, like those defining the model number and vendor of the product they want to purchase, but they should not have access to other fields, like fields approving the purchase. These fields, which should only be accessed only by approving authorities, can be disabled (so they show up “grayed out”) or hidden altogether for users who do not have the authority to fill in those fields.
Who Is the User and What Is the Form or Workflow Stage?
To ensure that all the people who need it have access to a form and certain fields in it, consider your user base and answer the questions:
- Who is the user? Are they authorized to access this form?
- What stage is the user in the workflow? Do they have approval authority or need to know?
When you answer those questions for each form and each field, you can create rules and exceptions that will ensure that everyone who needs a form has access to it, while also ensuring that only approving authorities have access to certain form fields.
Strict Default with Managed Exceptions Works Well
One approach that works well is to make default access restricted. Then define exceptions to it. If you don’t want anyone to be able to return to a completed form and change information in it, you can deny access to users except when the form is initially being completed.
Likewise, you could set the default for an approval step to be disabled or hidden except when an approving authority is using the form. This ensures forms are easy to access and use, while also ensuring that unauthorized form and workflow users can’t modify things like costs, or assignment grades.
While managing form and workflow security may appear to be complicated, it’s easy if you use form and workflow software that makes creating access rules for forms and fields simple and straightforward. PerfectForms allows you to set form and field access rules to be as strict or as lenient as you need, and it steps you through the process using a visual rules editor that is intuitive to learn.
PerfectForms allows those who create online forms and workflows to easily define access for each combination of user and workflow stage, to eliminate worries about unauthorized users approving purchases or altering important data like dollar amounts. We invite you to watch our training videos, including the one on setting access rules to see for yourself how simple and powerful PerfectForms is when it comes to ensuring your forms and workflows are secure and accurate.