SharePoint Security, Part 1: How Security Affects What You Can See in SharePoint



SharePoint security can often be the subject of many a long day of planning, implementing and troubleshooting. And as more companies become security-conscious, having the right security in your SharePoint sites is essential to ensuring a compliant and smoothly running collaborative environment.

This is the first installment of a series on SharePoint security. It is written for the end-user and the site administrator alike. In future installments we will explore the topics of permissions levels, SharePoint groups vs. Active Directory groups, and permissions inheritance.

Security Trimmed UI

Most end users navigating through Microsoft SharePoint sites will notice that they may have different options available to them on different sites or even different locations within the same site. And in some situations, perhaps even the Help feature was not helpful enough as the instructions referred to menu options that they just could not see or access. This is not an attempt to frustrate.


SharePoint only shows you the sites, site content, and menu options to which you have been granted permissions to see or successfully use. This is referred to as a security trimmed user interface (UI).

SharePoint security can be assigned to allow actions through an entire site, or fine-tuned to have different permissions on each list or library in the site or even each document in a library. Your permissions can differ between sites and can differ between the content on the same site, such as: lists, libraries, items in lists, and files in libraries. As such, menu options you have on one site, library or item may not be available in a different location.

Following are a couple of examples to help show how a security trimmed UI affects users with different permissions for a SharePoint site and its content. The examples assume the default installation of a SharePoint site and its content; your site may have different menu options.

Example 1: Site Actions Menu

Depending on your site permission level, you may or may not have seen the Site Actions button in the upper corner of a SharePoint site. The Site Actions menu contains options that potentially affect the entire site by adding additional content or changing site settings. Here are two examples of what options are displayed when the Site Actions menu button is clicked. The menu options vary depending on the features active within the SharePoint site and the permissions of the user that selects the menu. Assuming a typical site with typical default features active, we have the following example.

Figure 1 – Site Owner
Figure 2 – Site Member

When William, the site administrator for Sales, clicks the Site Actions menu on the Sales site, the options available to him are represented in Figure 1 – Site Owner. William has permissions to perform all of these options.

William is a member of the default Site Owners group for the Sales site. The Site Owners group has the Full Control permission level for the site. This is a common permission level for a person who manages a SharePoint site. Users with the Full Control permission level can do almost anything they want to a site and its content.

When Elizabeth, a member of the Sales team, clicks the Site Actions menu on the Sales site, the options available to her are represented in Figure 2 – Site Member. Elizabeth has permissions to perform all of these options.

Any options in the Site Actions menu that would allow editing the site settings or structure are not available to Elizabeth as they were to William. Elizabeth has the Contribute permission level, which isn't sufficient to perform actions such as creating sites or document libraries, changing site settings or editing with SharePoint Designer, so those menu options are not displayed for her.

Elizabeth is a member of the default Site Members group for the Sales site. The Site Members group has the Contribute permission level for the site. This is a common permission level for people who add, edit, and delete content on a SharePoint site. They have no permissions to change the overall layout of the site, site settings or site security.

When Louis, an accountant in the company, visits the Sales site, the Site Actions menu is not displayed for him.

Louis is a member of the default Site Visitors group for the Sales site. The Site Visitors group has the Read permission level for the site. This is a common permission level for people who need to read content on a site but not make any changes to it. The Read permission level isn't sufficient to perform actions that change the entire site, so the Site Actions menu is not displayed for him.

Example 2: Library Ribbon

Security trimming applies not only to site-level actions, but also affects how users can interact with site content.

In this example, William goes to the Shared Documents library of the Sales site. Here are the Document options available to him in the ribbon menu. William has permissions to perform all of the options listed in the menus. * You may not see identical menu options; they also depend on the features of your SharePoint environment.

Figure 3 – Site Owner Documents Menu

And if William selects the Library menu, he will have the following Ribbon menu available to him.

Figure 4 - Site Owner Library Menu

Now let’s assume Elizabeth goes to the same library as William. Elizabeth has the Contribute permission level. With this permission, Elizabeth has almost all the same abilities for documents in a library as a site owner, as can be seen in Figure 5.

Figure 5 - Site Member Documents Menu

However, since the Contribute permission level has no rights to change any of the Document Library settings, any options on the Library ribbon menu that would allow such editing are not available. Elizabeth’s Library options are limited to those that offer different ways to view the library; none of them allow making changes to it.

Figure 6 - Member Library Menu

Now, let’s imagine that Louis goes to the same library as William. As a site visitor, Louis has only the Read permission level, which does not allow him to add or edit documents in the library; because of this, few Ribbon menu options are available to him. This security permission level allows Louis to open the document, view its properties or download a copy of the document. No options that allow any changes or creation of new content are available at this level.

Figure 7 - Visitor Document Menu

If Louis chooses the Library ribbon menu, his options as a visitor with Read permissions are even more limited than Elizabeth’s.

Figure 8 - Visitor Library Menu

Louis has the options to view the library in external applications, but in SharePoint he cannot even create a customized personal view of this Library. *As mentioned before, the options which actually display on your ribbon menus may differ due to different features being active in your site(s).
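For site administrators who need to confirm why a menu option is hidden for someone, the following added example (not part of the original article) reports which underlying base permissions each of the three users in the examples actually holds on the site and on the library. The site URL and account names are placeholders; it assumes a server-side SharePoint Management Shell and classic-mode login names.

```powershell
# Added example. Run in the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholders (assumptions, not values from the article)
$siteUrl  = 'http://sharepoint.example.com/sites/sales'
$listName = 'Shared Documents'
$logins   = 'EXAMPLE\william', 'EXAMPLE\elizabeth', 'EXAMPLE\louis'

# Base permissions related to the site-level and library-level actions above
$sitePerms = 'ManageWeb', 'ManageSubwebs', 'ManageLists', 'AddAndCustomizePages'
$listPerms = 'ViewListItems', 'AddListItems', 'EditListItems',
             'DeleteListItems', 'ManagePersonalViews', 'ManageLists'

$web = Get-SPWeb $siteUrl
try {
    # TryGetList returns $null instead of throwing when the library is missing
    $list = $web.Lists.TryGetList($listName)
    if ($list -eq $null) { throw "List '$listName' not found on $siteUrl" }

    $report = foreach ($login in $logins) {
        # The account must already exist in the site's user list
        $user = Get-SPUser -Identity $login -Web $web -ErrorAction Stop

        foreach ($name in $sitePerms) {
            $perm = [Microsoft.SharePoint.SPBasePermissions]$name
            New-Object PSObject -Property @{
                User = $login; Scope = 'Site'; Permission = $name
                Granted = $web.DoesUserHavePermissions($login, $perm)
            }
        }
        foreach ($name in $listPerms) {
            $perm = [Microsoft.SharePoint.SPBasePermissions]$name
            New-Object PSObject -Property @{
                User = $login; Scope = $listName; Permission = $name
                # Reflects unique permissions on the library if inheritance is broken
                Granted = $list.DoesUserHavePermissions($user, $perm)
            }
        }
    }
    $report | Sort-Object User, Scope, Permission |
        Format-Table User, Scope, Permission, Granted -AutoSize
}
finally {
    $web.Dispose()   # release the SPWeb object
}
```

With the default permission levels, a Read user such as Louis should show `ManagePersonalViews` as not granted on the library, which corresponds to the missing personal-view option described above.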

In this article, we have explored the reasons behind differences in menus and options based on the permissions assigned to different users of a SharePoint site. In future articles in this series we will delve deeper into SharePoint security with topics aimed more at site administrators, in hopes of demystifying security and helping them create their own security-trimmed collaborative environment.