Restrict SharePoint Content based on Permissions
In this post I explain the steps required to restrict (show/hide) content based on criteria relating to the permissions or authentication status of the current user. References to other tutorials relating to restricting content based on permissions are also provided below.
The SPSecurityTrimmedControl class is used to specify the criteria required for content to be included on a page for a user. The class has a large amount of functionality that allows specific scenarios to be singled out, or more general scenarios such as the authentication status of a user which would be highly useful when using SharePoint as an internet / public facing website that often has anonymous users accessing the site(s).
The following example uses the SPSecurityTrimmedControl class to restrict content to users with the ManageWeb permission (full control over the current site):
<SharePoint:SPSecurityTrimmedControl ID="ShowContentSample" PermissionsString="ManageWeb" runat="server"> <div>Controls or HTML included here will be visible only to users with the ManageWeb permission on the site.</div> </SharePoint:SPSecurityTrimmedControl>
The tutorials / articles below provide information and examples on how to use the SPSecurityTrimmedControl class to restrict content:
SharePoint: Show or Hide Content based on Permissions – This article provides details on how to use the class by referring to a specific example scenario where content is only to be shown to users with the Manage Lists or Manage Web permission role on a site. The article explains how to incorporate multiple permission roles so that a user with any one or more of the associated roles will see the content.
Permission Based Content in SharePoint (With Examples) – This tutorial provides a range of examples for using the SPSecurityTrimmedControl class to restrict content based on permissions and authentication and additional information to help when incorporating other conditions to control the context (Site, List, Item, etc.) and Permission Mode for when multiple permission roles are included (Require a user to have all of the permissions, or any one or more). Example scenarios include:
- Show content to only a user with full permissions on the site
- Show content to only a user with full permissions on the site
- Show Content to users with access to manage permissions
- Show Content to users who can Add, Edit or Delete List Items in the Current List
- Show a link to Anonymous (not authenticated) users only
- Show a link to Authenticated users only