Wednesday, June 2, 2010

How to create a security trimmed top link in a WSS 3.0 site

Introduction

The other day I had this issue with an out of the box WSS 3.0 site. I had created some subsites. While creating the subsite, one of the options is to choose ‘Display this site on the top link bar of the parent site?’ You can either choose Yes or No.

image

Choosing Yes will of course show the link to this subsite, choosing No will not show the link. Incidentally I choose No in one of my subsites, thus the subsite is not showing in the top link bar of the parent WSS site. It does show in the quick launch bar.

image

Within WSS 3.0 you have the option through Site Actions, Site Settings, in the Look and Feel column to go to the Top link bar and create your own custom ‘tabs’. I created the subsite3 tab and it did show now on the top link bar. Issue closed, me:1 SharePoint: 0…… Not!!!!!

Security trimmed navigation

Here is where security comes into play. When you create a subsite, automatically SharePoint makes it a security trimmed ‘tab’ or link. Meaning, if you have permissions on this subsite, you’ll see the tab. If not, the tab will not show. Nothing new under the sun is it? Just plain good old SharePoint. However, the tab ‘subsite3’ I just created is NOT, I repeat, NOT security trimmed. BTW, if you had chosen Yes and let the link be displayed on the top link bar and then deleted the link and re-created it, it also would not be security trimmed.

I’ll show you how you can see this in the Top link bar and in a real time scenario.

Through Site Actions, Site Settings, in the Look and Feel column go to the Top link bar. Click on the edit button before ‘subsite1’. Notice that the url is greyed out?

image

Now go back 1 step and click on the edit button before ‘subsite3’. Notice that the url is NOT greyed out?

image

Real time scenario

In subsite 1 and 3 I broke the inheritance with the top level Demo site collection and created unique permissions. My demo user ‘Marc Manager’ does NOT have permissions to these subsites. Marc Manager has only got permissions on the top level Demo site collection and Subsite 2.

image

Now, when I log on with the credentials of Marc Manager, you will see that the ‘Subsite3’ tab is NOT security trimmed. The ‘subsite1’ tab is not show, the subsite3 tab does show because it’s just a link. Notice that in the quick launch the ‘subsite3’ link has dissapeared. This is because when I created the subsite 3 website, I choose the option ‘Display this site on the quick launch of the parent site, YES’, thus making it a security trimmed link.

image

So obviously, Marc Manager – the guy he is -  sees the subsite 3 link. When he clicks on it, he will get the logical error, and blaming the whole world and IT Pro’s for this not so friendly error message…..

image

the big questions is.. How can we solve this?

The solution

Okay, ready to dive into some SharePoint Designer? Open up Sharepoint Designer and open the Demo top level site collection website. Always wondered what this Navigation link was?

image

You can also go in the Menu Bar to Site, and choose Navigation from the pull down menu.

You will get this nice Visio kinda’ tree view of the Demo website. This is called the Navigation Map.

image

Within SharePoint Designer, in the Navigation Map you can also build you own top link bar links and quick launch links.  Now right-click on the most right Tab ‘The SharePoint Tob Navigation Bar’ and choose ‘View subtree only’. You will see something like this:image

The Sharepoint Top Navigation Bar has 4 nodes under it. One is Home, which point to the Home page of the Top level site and the others are Subsite1, subsite2 and subsite3.

Now right-click the Sharepoint Top Navigation Bar node and click New -> Page. It will add a node under the Sharepoint Top Navigation Bar. Double click it (this is very important that you do this), it will create a untitled htm page (which you can close immediately) and then back on the untitled 1, right-click it. Choose Properties. You will see something like this:

image

It will allow you to Edit the Hyperlink. If you scroll down, you will see that the Subsite3 site is listed and you could dubbel click it and then select the ‘default.aspx’  and click OK. After this, click once on the untitled 1.html and it will change into the newly created hyperlink. The new added node will point to the Subsite3 now. BTW, the title now shows Subsite3/default.aspx. You can change the title into ‘Subsite 3 security trimmed’ by clicking once on this title. The end results shows something like this:

image

Save the site and then close Sharepoint Designer. Go back to the WSS Demo site, log into this site with administrator credentials and you will find the Subsite3 security trimmed tab is listed in the Top Link Bar.

image

Just checking. Again, go to Site Actions, Site Settings, in the Look and Feel column go to the Top link bar.  Click on the edit button before ‘subsite3 security trimmed’. Notice that the url is greyed out?

image

Almost there. Now go to the edit button before ‘subsite3’ and choose Delete.

Finally, go back to the WSS top level site collection Demo and again login with Marc Managers’ credentials. Marc will now only see the sites he’s got permissions on through the security trimmed top link bar.

image

Marc Manager is now a happy SharePoint demo user again….

29 comments:

  1. SharePoint is a web based collaboration tool. Short and sweet. Yes it does a lot of things some good and some bad, but to me basically that is the goal of SharePoint oh right Lotus too..

    ReplyDelete
  2. Thanks for giving information about SharePoint creating security. That's useful for who has use that SharePoint tools. it's have many more useful tools. Sharepoint Development

    ReplyDelete
  3. You've helped me a lot!

    I'm trying to find it few months ago and I've noticed that it had no solution...
    But right now your suggestion worked so fine!

    Thank you so much!!

    ReplyDelete
  4. Hi Gambin,
    Glad to be of any help. That's what we are all in for, helping eachother out!
    Peter

    ReplyDelete
  5. Peter, thanks a lot for this post. The screenshots made it very clear and it worked perfectly.

    ReplyDelete
  6. Hi Kit,
    Thx. Good to hear you could solve your problem with this post!
    Peter

    ReplyDelete
  7. Is there any way to do the same thing with unassociated sites? Meaning that they are not directly related to the parent site. I have a main WSS site, and departmental Subsites, however, because the departmental subsites are their own Content Databases, they don't share or inherit the Top Bar, therefore the only way to have them display is to manually add them to the Top Bar Links config. The problem is that every tab is seen by all users, regardless if they have permission. I need security controled tabs based on the security of the individual site, not that of the Parent Site.

    ReplyDelete
  8. Hi Rick,
    Unfortunately this is not possible out of the box by design. In this scenario you have to 'build' your own menu using the the SharePoint API to make the items security trimmed. This can only be done by opening Visual Studio and create a custom navigation provider to make this happen.....

    ReplyDelete
  9. Hi Peter,

    Thank you, this worked perfectly for my WSS3.0 implementation! :)

    I appreciate that you've taken the time to post this.

    Regards from Melbourne, Australia

    Tony

    ReplyDelete
  10. Hi Tony,
    Nice to read that people from Australia are reading my blog! You are most welcome!
    Peter

    ReplyDelete
  11. Hi Peter,

    I am having difficulty finding the Navigation link in SharePoint Designer 2010.

    Can you help?

    Thanks.

    ReplyDelete
  12. Hi Peter,

    Nice! I almost concluded to make the subsite all over again..

    One question, when i'm on the topsite, the added subsite toplink stays active (qua color).


    any idea?

    ReplyDelete
  13. Hi Sietse,
    Regarding your question about the addes subsite toplink staying active colorwise. In some cases this happens when you have 2 top links which point to the same url. Maybe you have created manually through the browser a (hidden) top link heading or hyperlink to the same url as the one which you created through SharePoint Designer?

    ReplyDelete
  14. Hi Peter,

    thx for your quick reply.
    That's probably what happend...

    I have a subsite from which the default.aspx was corrupt, (offcourse i had a copy :) ) and i have set the copy as introduction page via SPD (right click, etc) Then i've deleted the corrupt default.aspx. After that, the toplink was gone..

    Even via SPD > navigaton there was no toplink from this subsite any more.

    Then i found your post and added the toplink via SPD manually.
    so it is possible that the orginal toplink is "somewhere".. :)
    How or where can i see a hidding toplink?

    do you have any suggestion?

    thx, again!

    ReplyDelete
  15. Hi Siets,
    I don't know excactly what your scenario is, but from what I understand, your problem is somewhat different from my blogpost. I assume that in your scenario you have a WSS Team site without the publishing features activated? If yes, I would encourage you use the option 'Reset to site definition' in the Look and Feel section of the Site settings. Next, on 'Reset specific page to site definition version' set this to your default.aspx like http:///<subsite/default.aspx and push the Reset button. After this, you default.aspx will be reghosted and you will get your original default.aspx back in your subsite containing the top level bar again..

    ReplyDelete
  16. How can this be done in SharePoint designer 2010?

    ReplyDelete
  17. Hi Anonymous,
    that's a good question. It appears that in SharePoint Designer 2010 this option has been removed. I haven't seen this. I also tried with SharePoint Manager 2010 to see if this is possible, but unfortunately without success..

    ReplyDelete
  18. Peter, this is fantastic. Just what I needed. One question though; once the above is complete is it necessary to keep the untitled pages that are created or can they be deleted?

    ReplyDelete
  19. Hi Peter, thanks for this. Do you have any thoughts on security trimming links within a HTM document - I have created a 'Site Map' HTM with links to useful Sites/Pages/Files that are scattered across a number of Sites, that Users may (or may not) have access to. In an ideal world I would like to Security Trim the HTM to only show links that they are authorised to access.
    Thanks in advance
    Jon B

    ReplyDelete
  20. Hi Peter, I agree with all the people saying how fantastic the above is.
    In my case I wanted to link to an opened Document Library rather than the default.aspx and did not want any users who did not have access to the library to see the top link bar.
    I followed the above advice but just replaced the default.aspx link step with pasting the url to the document library when it was opened.
    It worked a treat and will save multitudes of support calls from users who did not know how to click a document library title to open the library with Sharepoint controls active. I have been frustrated by this for the past 4 years and am very excited by this information. Many thanks for sharing your knowledge!

    ReplyDelete
  21. Hi Peter,

    Nice solution! Would this work for links to Site Collections (in the same farm) as well?

    ReplyDelete
  22. Hi Phillip. Thx for the kind words! And also thx for sharing your scenario and using this in the top level navigation pane. Thx!

    ReplyDelete
  23. Hi Anonymous,
    No, this scenario doesn't work for links in various site collections in a farm. This only works in one site collection each, unfortunately. You have to build a custom navigation provider for this to get this working..

    ReplyDelete
  24. Hi Peter

    This looks like a great solution. I am using sharepoint designer 2010. How do I find the navagation map in Designer 2010?

    Thanks!
    J~

    ReplyDelete
  25. Hi Anonymous,
    Unfortunately the navigation map has disapeared in Designer 2010 so this solution only works in Moss 2007 and Designer 2007.

    ReplyDelete
  26. I have been looking all over for this solution! Although it can be tricky knowing the correct terms to search for. I am so glad I found this. Thank you so much for providing the information!

    ReplyDelete
  27. Thanks Peter!
    This was never an issue before, but when I know created a group with very limited access they got really frustrated when they saw a lot of links they couldn't use.
    I did the same think with the quick launch, where I have links to list views. Works superb!

    ReplyDelete
  28. Terrific post, please do a follow-up for SP 2013

    ReplyDelete
  29. Great post, thanks!

    ReplyDelete