Further to my post 'How to restrict visibility and use of the form to logged-on users', on further investigation the ACL rules are not being applied as expected.
I've failed to find any combination of 'allowing' or 'denying' access to particular ACL groups that prevents access to the front-end form.
On the other hand, if 'Superusers' are denied access, then access to the back-end forms is blocked, but front-end access remains open to all.
Not sure if the code for the back-end and front-end forms has inadvertently been swapped, or if it's more complicated; I've not logged on at all the various ACL levels to test them all, but I get the same results logged on as a manager.
I've failed to find any combination of 'allowing' or 'denying' access to particular ACL groups that prevents access to the front-end form.
On the other hand, if 'Superusers' are denied access, then access to the back-end forms is blocked, but front-end access remains open to all.
Not sure if the code for the back-end and front-end forms has inadvertently been swapped, or if it's more complicated; I've not logged on at all the various ACL levels to test them all, but I get the same results logged on as a manager.