Permission Based Content in SharePoint (With Examples) - SharePoint Development & Administration + InfoPath

Tuesday, October 11, 2011

Permission Based Content in SharePoint (With Examples)

The examples in this tutorial demonstrate how to restrict certain content or controls on a page in SharePoint to specific users based on their permissions.  It can be applied to a Master Page, or directly to a .aspx page in SharePoint using SharePoint Designer.  Many options are available to configure exactly how and when the content should be displayed using the base permissions available in SharePoint with the SPSecurityTrimmedControl class.

The complete list of base permissions that can be used with the class can be viewed on this page: SPBasePermissions.  It is also possible to show or hide content based on user authentication using the AuthenticationRestrictions property of the class, which may be useful if you want to display a different set of links depending on if a user has been authenticated or is anonymous.

Below are some examples of base permissions that are more likely to be used to restrict content to specific users with the associated permission.

Show content to only a user with full permissions on the site:

 ASP Controls or HTML included here will be visible only to users with full permission on the site.


Show content to only users who can manage lists

ASP Users Controls or HTML included here will be visible only to users who have the Manage Lists permission.


Show Content to users with access to manage permissions

ASP Users Controls or HTML included here will be visible only to users who can manage permissions.


Show Content to users who can Add, Edit or Delete List Items in the Current List
Multiple permission levels are separated by a comma.  To allow the content to be displayed if a user has any one of the listed base permissions, the PermissionMode property should be included with the mode as “Any” (used in example below).  The user must have all permissions listed if PermissionMode=”All” or is not specified.  The Context is also set to restrict the permission mask to the current list (PermissionContext=”CurrentList”).

     PermissionsString="AddListItems, EditListItems, DeleteListItems"

Content here will be displayed if a user has access to Add Edit or Delete list items.


Show a link to Anonymous (not authenticated) users only

<a href=”/” >Link displayed for Anonymous Users Only</a>


Show a link to Authenticated users only

<a href=”/” >Link displayed for Authenticated Users Only</a>


Some of the properties used in the examples above to customise use of the SPSecurityTrimmedControl class when restricting content for specific users are below:

  • PermissionsString - A comma separated list of the base permissions that a user requires for the content to be displayed.
  • AuthenticationRestrictions - Displays content based on the authentication status.
  • PermissionContext - Sets the context of the permission mask (CurrentFolder, CurrentItem, CurrentList, CurrentSite, RootSite)
  • PermissionMode - When multiple base permissions are provided, this property is used to specifies if all of the permissions are required, or any one similar to the use of “&&” (AND) or “||” (OR).
  • Full list of SPSecurityTrimmedControl Members.

SharePoint: Show or Hide Content based on Permissions - This article demonstrates how to show a “View All Site Content” link to users with full permission on a site, or with access to Manage Lists on a site using SPSecurityTrimmedControl.  It is placed in a Master Page using SharePoint Designer.
Share this article:
Stumble This Delicious
submit to reddit

No comments:

Post a Comment