This article explains the Security Trimmed Control without using any custom code.
Purpose
While building SharePoint user interface controls, we need to security trim some controls based on the current user's permission.
A user can be given a permission level like:
- Full Control
- Contribute
- Read
Each Permission Level can map to different permissions like:
- Manage Web
- Add List Items
- View Pages
Security Trimmed Control
The assembly Microsoft.SharePoint.WebControls contains a control named SPSecurityTrimmedControl that does the security trimming of the child controls inside it. Just include our control inside this control and it will be displayed or hidden based on the permission specified.
Code
The following is the code of the Security Trimmed Control. You can add this to a web part design code:
- <%@ Register TagPrefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
- <SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl1" runat="server"
- AuthenticationRestrictions="AuthenticatedUsersOnly" Permissions="ManageWeb" PermissionContext="CurrentSite">
- <INCLUDE OUR CONTROL HERE>
- </SharePoint:SPSecurityTrimmedControl>
3 Buttons
We are planning to show the following 3 buttons:
The following are the permission requirement for each button:
- Manage Web
- Add List Items
- View Pages
The following is the code for it:
- <SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl1" runat="server"
- AuthenticationRestrictions="AuthenticatedUsersOnly" Permissions="ManageWeb" PermissionContext="CurrentSite">
- <button runat="server" id="b1">Manage Web</button>
- </SharePoint:SPSecurityTrimmedControl>
- <br />
- <SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl2" runat="server"
- AuthenticationRestrictions="AuthenticatedUsersOnly" Permissions="AddListItems" PermissionContext="CurrentSite">
- <button runat="server" id="b2">Add List Items</button>
- </SharePoint:SPSecurityTrimmedControl>
- <br />
- <SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl3" runat="server"
- AuthenticationRestrictions="AuthenticatedUsersOnly" Permissions="ViewPages" PermissionContext="CurrentSite">
- <button runat="server" id="b3">View Pages</button>
- </SharePoint:SPSecurityTrimmedControl>
Infrastructure
You can create a Farm Solution and add a Visual Web Part into it. Build and Deploy the project and add the web part to a page. You need 2 user accounts to test this. The first user account will be the System Account and the second user will be the test user. I recommend using 2 different browsers, one for changing the permission of the system user and the other for viewing the page as a test user.
Full Control
the following is the page output when the test user is given Full Control permission level.
He can see all the 3 buttons.
Contribute
The following is the page output when the test user is given Contribute permission level:
He can see only the second 2 buttons.
Read
The following is the page output for when the test user is given Read permission level:
He can see only the third button.
Furhter Understanding
Please note the following:
- We are specifying authentication restriction as AuthenticatedUsersOnly
- The permission context is specified as CurrentSite
Permission Context
The following are the Permission Context values:
- Current Folder
- Current Item
- Current List
- Current Site
- Root Site
You can specify this in the XML:
Note
Using Security Trimmed Control can save a lot of code that would be required otherwise.
References
http://msdn.microsoft.com/en-us/library/office/jj822366(v=office.15).aspx
Summary
This article explored the Security Trimming Control in SharePoint 2013. I hope this will be helpful in real-world scenarios.