SharePoint components - business processes without development, InfoPath, SharePoint Designer or workflows. SharePoint Services, SharePoint Foundation & SharePoint Server 2007-2013.

  • Infowise Solutions Ltd, SharePoint web parts and solutions
Skip Navigation LinksHome > Blog > Post
SPSecurityTrimmedControl or "How to hide stuff from people"

Hello,

Do you need to hide specific columns based on user identity and column values? Smart List Pro will help you achieve that in no time, no code required.

This convenient control has been around since the old good MOSS days, but was never given enough attention..

So i would like to explain what it is good for and how you can use it in your site.

SPSecurityTrimmedControl will basically hide all its content from users that won't meet a given security definition.

Unlike the previous solutions (style.display='none'...), the content will be hidden on the server side!

For Example: recently i was asked to show the top ribbon only to users with Manage rights.

What i did, was:

Open the site's Master Page in SharePoint Designer

Find a div with id= s4-ribbonrow, its content is actually the top ribbon

Wrap this div with a SPSecurityTrimmedControl, like this:

 

spsecuritytrimmedcontrol

Useful attributes of the control:

  • PermissionContext - against which user permissions will be tested

(possible values: CurrentSite, CurrentList, CurrentFolder, CurrentItem or RootSite)

  • PemissionMode - does the user have to meet all role definitions or just one of them

(possible values: All or Any)

  • PermissionsString - what permissions does the user need to see the content - can enter some values separated by comma

(possible values are from the enumeration SPBasePermissions:

EmptyMask,ViewListItems,AddListItems,EditListItems,DeleteListItems,ApproveItems,OpenItems,ViewVersions,

DeleteVersions,CancelCheckout,ManagePersonalViews,ManageLists,ViewFormPages,Open,ViewPages,

AddAndCustomizePages, ApplyThemeAndBorder,ApplyStyleSheets,ViewUsageData,CreateSSCSite,

ManageSubwebs,CreateGroups, ManagePermissions,BrowseDirectories,BrowseUserInfo,AddDelPrivateWebParts,

UpdatePersonalWebParts,ManageWeb, UseClientIntegration,UseRemoteAPIs,ManageAlerts,CreateAlerts,

EditMyUserInfo,EnumeratePermissions,FullMask)

  • AuthenticationRestrictions - allows to differ between authenticated and anonymous users

(possible values: AllUsers, AuthenticatedUsersOnly, AnonymousUsersOnly)

save, check-in, publish and there you go!

11 Response(s) to SPSecurityTrimmedControl or "How to hide stuff from people"

1 Sanjeev at 3/24/2011 10:20:05 PM
Hi, I am new to Sharepoint development. I am going to develop an application based on Sharepoint 2010. I have been searching for a way to enable / disable or even hide some Ribbon buttons based on user privileges. For eg: when Manager logs in to the application, the Ribbon will have an "Approve" button. It will not be shown (or disabled) for other users. Is SPSecurityTrimmedControl the way to implement this? Are there other ways to achieve this behaviour? Thanks in advance.
2 Vladi Gubler at 3/28/2011 12:17:09 AM
No, this technique is not designed for that, it is for hiding HTML/ASP.NET controls. To hide ribbon buttons: if it is a built-in button, it will be disabled automatically depending on the user's permissions. If you are adding the button using feature, you specify the required permissions in that feature.
3 Oleg at 5/8/2012 2:56:49 AM
Sorry, the prev. Post was in Russian, this Information was very useful for me, my english is very bad, but it was very easy to understand, so that I've all understood. Respekt!
4 Johanna Forsberg at 8/5/2012 2:58:54 AM
Hi, Does this method work on the quicklaunch of MySite as well? I want to hide some tabs for some users, for example I want to hide "overview" for users in Group 1, but users in Group 2 should see the overview-tab... // Johanna
5 b shankar at 1/7/2013 6:07:50 AM
Hi, Can you please tell me how to hide an item from 'quiz launch' based on user in Sharepoint 2013?
6 Vladi Gubler at 4/19/2013 8:35:53 AM
This can be used to hide complete controls, not values within a control, such as with the quick launch
7 Anonymous at 4/30/2013 8:20:31 AM
for non-security content i would use builtin features like audience targeting or some js/css hooks like jquery to hide links in quick launch for users based on their permissions. be careful with described method, because hiding Ribbon by SPSecurityTrimmedControl may cause some js exceptions.
8 K_Joshi at 9/23/2013 8:52:30 AM
This was very helpful for me in Un-hiding the Ribbon from the Visitors of the site and still hiding the SiteActions Menu from them. I applied one SPSecurityTrim control around Site Actions and another around SPRibbon. I hope this is the correct way.
9 Khushi at 2/11/2014 11:05:40 AM
Hi there, I have implemented custom menu for top navigation to browse the cross site collections. This custom menu is implemented by CustomXmlContentMapProvider in the masterpage. I tried to wrap the SecurityTrimmedControl around AspMenu control. Do you think this would work? Which property would I need to set? I tried the AuthenticatedUsersOnly but it's not working. The menu has few links which points to some libraries from different site collections. I need to hide those links from users who doesn't have permission on the library. Please advise. Thanks, Khushi
10 Vladi Gubler at 2/11/2014 11:10:40 AM
Khushi, there is no way of implementing security trimming through an XmlContentMapProvider. Take a look at this product instead: http://infowisesolutions.com/product.aspx?ID=ECS
Comments Moderated

You may submit a comment, but it will appear after being approved by the moderator.

Leave a Comment:

Name (optional):
Comment:
CAPTCHA
Request a new image
Type in characters on the left: