Restricting access to “All Site Content”

When viewing an SharePoint intranet site, there will be a bunch of WebParts, documents, links, etc – with user security applied, allowing for various levels of access – such as contributor, read-only, full control, etc.

On the top left of any SharePoint intranet portal will be a link to “View All Site Content” – above the navigation that has been configured for the site.

vasc-1

Recently, had a client that wanted to remove/hide this link, which would restrict certain users from being able to view the list of “libraries” within the site. 

The particular users can’t actually create new lists or libraries, but the client wanted the navigation for the site to be the only way for folk to get about – and not poke into “what’s there” – by viewing All Site Content.

Fair enough – that’s what they want !

To achieve this, the approach we took was to include some “security trimming” – meaning that certain users would not see this link – while other users (Admin) could view all site content.

Yes – I’m aware that users could simply enter the URL into the address bar – but it’s something that the general “click this and see what happens” user will not be aware of – and won’t go poking around.

The trick is to do the following :

(1) add the SPSecurityTrimmedControl tag around the elements that you want to restrict

(2) specify the particular permission-set that you want to allow to see the control/s

Note that this is added to the Master Page – and only needs to be included ONCE – not like it’s needed in each and every Page Layout.

For default.master, this is included as “ViewFormPages” – this is will be changed to “ManageWeb” – meaning that lesser level users won’t be able to see the link.

<Sharepoint:SPSecurityTrimmedControl runat=”server” PermissionsString=”ManageWeb“>

—-> tags/controls that you only want visible to folk who can “view form pages” <—-

</SharePoint:SPSecurityTrimmedControl>

So – the HTML/ASPX page will look like this (with the security trimming around the “SPLinkButton” – which is used for View All Site Content) :

<Sharepoint:SPSecurityTrimmedControl runat=”server” PermissionsString=”ManageWeb“>

<div class=”ms-quicklaunchheader”>

<SharePoint:SPLinkButton id=”idNavLinkViewAll” runat=”server” NavigateUrl=”~site/_layouts/viewlsts.aspx” Text=”<%$Resources:wss,quiklnch_allcontent%>” AccessKey=”<%$Resources:wss,quiklnch_allcontent_AK%>”/>

</div>

</SharePoint:SPSecurityTrimmedControl>

Click here to see a list of all the possible “PermissionStrings”.

After changing and updating (uploading) the new Master Page, the end result is that the link will not be shown for users who do not have “ManageWeb” permissions.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s