Applies To: SharePoint
By default in SharePoint 2010 nearly every visitor to your site automatically gets an “All Site Content” link added to their quick launch. In addition, there’s a “View All Site Content” option in the Site Actions menu. Here’s a default team site as seen by a user with only Read permission:
For team sites and basic work areas this is a great idea. However, there are several cases where it would be better if this wasn’t shown to the average user – for instance, a Business Intelligence Center. A Business Intelligence Center site is where you’re probably hosting PerformancePoint content and/or reports, etc. Anyone using your dashboards must have read permission to all the content and datasources. But generally you don’t want general users browsing this content. It’s better to provide good navigation either through the quicklaunch or a nice home page. However, you want your designers to still have this link.
Fortunately, Microsoft built the quicklaunch link with a ClusteredSPLinkButton and the Site Actions link with a MenuItemTemplate both of which have the PermissionMode and PermissionsString properties. These controls allow you to perform simple permission trimming.
SPSecurityTrimmedControl Permission Trimming
The controls both inherit from SPSecurityTrimmedControl which is where the permission trimming properties and methods come from.
The first property, PermissionsString, defines the permission(s) a user must have in order to view the control. You can find a list of permissions here. By default both of the All Site Content link controls use the ViewFormPages permission (Basically, anyone who can get to the site).
You can use multiple permissions in your PermissionsString by separating them with a comma. How those are used is determined by the PermissionMode property which can have two values: Any or All. When set to “Any” the control will show if a user has at least one of the permissions in your PermissionString. When set to “All” the control will only show if a user has every permission listed in your PermissionString.
We wanted the All Site Content links to only show for users with Full Control over a site. So our PermissionsString needs to be ManageWeb, and since we’re only using one permission our PermissionMode can be either Any or All or even not included.
Hiding the Quicklaunch Link
To change the permission trimming attributes for our controls, we have to edit the MasterPage. If you’re developing a custom branding solution then this should be easy enough to do directly in Visual Studio. If you’re just customizing on the fly, then you’ll use SharePoint Designer (Choose Edit in SharePoint Designer from the Site Actions menu).
In the default master page (v4.master) the Quicklaunch All Site Content link can be found around line 573 and is included in the PlaceHolderQuickLaunchBottomV4 UIVersionedContent control. Here’s what it looks like by default:
<SharePoint:ClusteredSPLinkButton id="idNavLinkViewAllV4" runat="server" PermissionsString="ViewFormPages" NavigateUrl="~site/_layouts/viewlsts.aspx" ImageClass="s4-specialNavIcon" ImageUrl="/_layouts/images/fgimg.png" ImageWidth=16 ImageHeight=16 OffsetX=0 OffsetY=0 Text="<%$Resources:wss,quiklnch_allcontent_short%>" accesskey="<%$Resources:wss,quiklnch_allcontent_AK%>"/>
So all we have to do is change line 576 to read PermissionsString=”ManageWeb” and save.
Hiding the Site Actions Link
The Site Actions menu is just as easy to edit. The View All Site Content link can be found around line 137 inside the SiteActions FeatureMenuTemplate control. Here’s what it looks like by default:
<SharePoint:MenuItemTemplate runat="server" id="MenuItem_ViewAllSiteContents" Text="<%$Resources:wss,quiklnch_allcontent%>" Description="<%$Resources:wss,siteactions_allcontentdescription%>" ImageUrl="/_layouts/images/allcontent32.png" MenuGroupId="300" Sequence="302" UseShortId="true" ClientOnClickNavigateUrl="~site/_layouts/viewlsts.aspx" PermissionsString="ViewFormPages" PermissionMode="Any" />
Again, just change line 145 to PermissionsString=”ManageWeb” and save.
That’s it! Here’s what the same Team Site now looks like to a user with Read permission: