Hide Content or Controls Based On Permissions In SharePoint

One of the little controls SharePoint possesses that gets missed often is the SPSecurityTrimmedControl, which is a wonderful little thing that actually hides whatever the content is based on the permissions you define.When the class is used on an .aspx page or a Master Page, the content contained inside the tag will be visible only to users that match the criteria/permission specified using some properties of the class.

Uses:

There are many ways this can be used,from hiding navigation items to hiding the sign-in link effectively. The visibility of links to the built-in pages in the layouts directory such as the Site Settings ,View All Site Content page, ribbon section visibility can be controlled also by using custom Master Page.

This can be applied to a Application page, Master Page, or aspx page like Web Part page or Page Layout.

SPSecurityTrimmedControl Properties

PermissionsString: This property accepts one or more base permission types  as a value. Some of the permissions are:

  • Manage Web: A user with this permission has full access to the current site in a site collection.

  • Manage Lists: A user with this permission can add and remove lists on a site, as well as modify the settings of the lists and libraries.

  • Manage Permissions: A user with this permission level has access to manage the permissions for a site, list or list item depending on the context of the permission mask.

  • AddListItems, EditListItems, DeleteListItems: A user with these permission can add, edit or delete items in the current list.

You can read in depth about the base permissions here – SPBasePermissions

The permissions are set using the PermissionsString property, which accepts one or more base permission type. When more than one base permission is included, they should be separated by commas.

PermissionContext:

The context of the permission mask can be specified using the “PermissionContext” property of the SPSecurityTrimmedControl class. It accepts the following values: “RootSite”, “CurrentSite”, “CurrentList”, “CurrentItem” and “CurrentFolder”.

PermissionMode:

This property accepts only two values – “All” or “Any”. Setting to “All” means that the current user has all of the permissions listed in the PermissionsString property (assuming multiple base permissions are specified) to be able to see the content. Setting to “Any” would mean that the current user has either of the permissions listed in the PermissionsString property to be able to see the content.

More details can be found here – SPSecurityTrimmedControl.

As an example I can hide controls or content from anonymous users, and show them for logged in users using the following code:

  1. <SharePoint:SPSecurityTrimmedControl ID=”SPSecurityTrimmedControlID″ PermissionsString=”BrowseDirectories” runat=”server”>  
  2.     <DIV>THIS TEXT IS HIDDEN UNLESS YOU ARE LOGGED IN</DIV>  
  3. </SharePoint:SPSecurityTrimmedControl>  
This results in the DIV control and its contents only being displayed to users who have the BrowseDirectories Permission.

Another example is to hide the top ribbon from a wiki page when the user is not an owner or contributor to the site. In other words, I wanted the top ribbon to be visible to users with access to manage lists on the site, as well as the site owners (users with Full Control over the site). So I found the div tag that contained the top ribbon and placed it inside the SPSecurityTrimmedControl tag as shown below.
  1. <SharePoint:SPSecurityTrimmedControl  
  2. ID="SPShowToManagers1"  
  3. PermissionsString="ManageLists, ManageWeb"  
  4. PermissionContext="CurrentSite"  
  5. PermissionMode="Any"  
  6. runat="server">  
  7.   
  8. <div>This will be visible only to a user with full access to the current site. </div>  
  9.   
  10. </SharePoint:SPSecurityTrimmedControl>  
And here we go, the users only with above permissions can see the ribbon, those with read permission can’t.
 
Read more articles on SharePoint: