Security Trimmed Control in SharePoint 2013

This article explains the Security Trimmed Control without using any custom code.

Purpose

While building SharePoint user interface controls, we need to security trim some controls based on the current user's permission.

A user can be given a permission level like:

  1. Full Control
  2. Contribute
  3. Read

Each Permission Level can map to different permissions like:

  1. Manage Web
  2. Add List Items
  3. View Pages

Security Trimmed Control

The assembly Microsoft.SharePoint.WebControls contains a control named SPSecurityTrimmedControl that does the security trimming of the child controls inside it. Just include our control inside this control and it will be displayed or hidden based on the permission specified.

Code

The following is the code of the Security Trimmed Control. You can add this to a web part design code:

  1. <%@ Register TagPrefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>  
  2. <SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl1" runat="server"  
  3. AuthenticationRestrictions="AuthenticatedUsersOnly" Permissions="ManageWeb" PermissionContext="CurrentSite">  
  4.     <INCLUDE OUR CONTROL HERE>  
  5. </SharePoint:SPSecurityTrimmedControl>  
3 Buttons

We are planning to show the following 3 buttons:

 

Security Trimming WebPart

The following are the permission requirement for each button:

  • Manage Web
  • Add List Items
  • View Pages

The following is the code for it: 

  1. <SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl1" runat="server"  
  2. AuthenticationRestrictions="AuthenticatedUsersOnly" Permissions="ManageWeb" PermissionContext="CurrentSite">  
  3.     <button runat="server" id="b1">Manage Web</button>  
  4. </SharePoint:SPSecurityTrimmedControl>  
  5. <br />  
  6. <SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl2" runat="server"  
  7. AuthenticationRestrictions="AuthenticatedUsersOnly" Permissions="AddListItems" PermissionContext="CurrentSite">  
  8.     <button runat="server" id="b2">Add List Items</button>  
  9. </SharePoint:SPSecurityTrimmedControl>  
  10. <br />  
  11. <SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl3" runat="server"  
  12. AuthenticationRestrictions="AuthenticatedUsersOnly" Permissions="ViewPages" PermissionContext="CurrentSite">  
  13.     <button runat="server" id="b3">View Pages</button>  
  14. </SharePoint:SPSecurityTrimmedControl>  
Infrastructure

You can create a Farm Solution and add a Visual Web Part into it. Build and Deploy the project and add the web part to a page. You need 2 user accounts to test this. The first user account will be the System Account and the second user will be the test user. I recommend using 2 different browsers, one for changing the permission of the system user and the other for viewing the page as a test user.

Full Control

the following is the page output when the test user is given Full Control permission level.

 

Full Control Permission

He can see all the 3 buttons.

New Trimming WePart

Contribute

The following is the page output when the test user is given Contribute permission level:

Contribute Permission

He can see only the second 2 buttons.

Trimming WebPart

Read

The following is the page output for when the test user is given Read permission level:

Read Permission

He can see only the third button.

WebPart

Furhter Understanding

Please note the following:

  1. We are specifying authentication restriction as AuthenticatedUsersOnly
  2. The permission context is specified as CurrentSite

Code View

Permission Context

The following are the Permission Context values:

  • Current Folder
  • Current Item
  • Current List
  • Current Site
  • Root Site

You can specify this in the XML:

XML View

Note

Using Security Trimmed Control can save a lot of code that would be required otherwise.

References

http://msdn.microsoft.com/en-us/library/office/jj822366(v=office.15).aspx

Summary

This article explored the Security Trimming Control in SharePoint 2013. I hope this will be helpful in real-world scenarios.