SPSecurityTrimmedControl class in SharePoint can be used to show or hide contents of a page based on the current user’s permissions. When the class is used on an .aspx page or a Master Page, the content contained inside the tag will be visible only to users that match the criteria/permission specified using some properties of the class.
Uses – The visibility of links to the built-in pages in the layouts directory such as the Site Settings or View All Site Content page can be controlled. Also, visibility of sections of the ribbon can be controlled. All this can be done when a custom Master Page is being used.
Where to apply – This can be applied to a Master Page, Application page or .aspx page such as a Web Part Page or Page Layout.
Properties of SPSecurityTrimmedControl
PermissionsString – This property accepts one or more base permission type as a value. Some of the permissions are:
- ManageWeb – A user with this permission has full access to the current site in a site collection.
- ManageLists – A user with this permission can add and remove lists on a site, as well as modify the settings of the lists and libraries.
- ManagePermissions – A user with this permission level has access to manage the permissions for a site, list or list item depending on the context of the permission mask.
- AddListItems, EditListItems, DeleteListItems – A user with these permission can add, edit or delete items in the current list.
You can read in depth about the base permissions here – SPBasePermissions
The permissions are set using the PermissionsString property, which accepts one or more base permission type. When more than one base permission is included, they should be separated by commas.
PermissionContext – The context of the permission mask can be specified using the “PermissionContext” property of the SPSecurityTrimmedControl class. It accepts the following values: “RootSite”, “CurrentSite”, “CurrentList”, “CurrentItem” and “CurrentFolder”.
PermissionMode – This property accepts only two values – “All” or “Any”. Setting to “All” means that the current user has all of the permissions listed in the PermissionsString property (assuming multiple base permissions are specified) to be able to see the content. Setting to “Any” would mean that the current user has either of the permissions listed in the PermissionsString property to be able to see the content.
More details can be found here – SPSecurityTrimmedControl
Now that we know quite a bit about SPSecurityTrimmedControl, let’s move onto it’s implementation
My Scenario was to hide the top ribbon from a wiki page when the user is not an owner or contributor to the site. In other words, I wanted the top ribbon to be visible to users with access to manage lists on the site, as well as the site owners (users with Full Control over the site). So I found the div tag that contained the top ribbon and placed it inside the SPSecurityTrimmedControl tag as shown below.
<SharePoint:SPSecurityTrimmedControl ID="SPShowToManagers1" PermissionsString="ManageLists, ManageWeb" PermissionContext="CurrentSite" PermissionMode="Any" runat="server"> <div>This will be visible only to a user with full access to the current site. </div> <!--<span class="hiddenSpellError" pre=""-->SharePoint:SPSecurityTrimmedControl>
And here we go, the user’s only with above permissions can see the ribbon, those with read permission can’t.