When working on a SharePoint 2010 Designer project that required 7 security groups that were allowed to view different libraries and required multiple views of the library, we came across a security trimming issue. This specific project required that we used an out-of-the-box SharePoint Team Project in which we were required to create the entire site with SharePoint’s existing features and customize the Quick Launch menu to allow the display multiple views based on a single Library. The out-of-the-box limitation created a security trimming challenge for us, because only the default view of a Library can display or hide links in the Quick View bar via security settings of users or security group. If secondary views were created, that were not default views, then those Quick Launch links always display no matter what security lever the users or groups have. It is important to note, that if a user who lacked the security to the library, although they could still see and click on the link to the secondary view of the library, once the secondary view displayed they received an access denied error. Our project requirements, however, mandated the links to be hidden if a user or group did not have access to the view that the link pointed to.
After brainstorming possible solutions, our team came up with an out-of-the-box work-around for this security trimming task. Our solution was to create the secondary List View, but we excluded it from the Quick View menu. Instead, we create a new, “empty”, Library. This new Library contained a web part that was contained within the default view and was only used as the place holder to redirect to the secondary List View of our original Library. This workaround allowed us to give the client what they wanted as far as the security trimming goes, while still sticking to the out-of-the-box SharePoint requirement.
Here are the steps we took to create the security trimming work-around for a non default List View:
- Go to the default view of your Library. I will use Shared Documents as my example.
- In the Library Tools Menu go to Library -> Create View.
- For the view format select Standard View.
- Type in your View Name and Web address Filename for your secondary view. Leave the checkbox unchecked. Note the location of this filename as you will use it later in this tutorial.
- In the Filter section, add a filter to only show documents Created By the user who is logged in. Click the OK button.
- Now we will need to create a new “empty” Library that will redirect to the Secondary View of our original Library, Shared Documents. Navigate to Site Actions -> New Document Library.
- Type in a Name and Description. Select Yes for Display this document library on the Quick Launch. Select No for Document Version History. Then, click the Create button.
- On your new document library, go to Site Actions -> Edit Page.
- Click on the Add a Web Part link.
- Select the Media and Content Category, select the Content Editor Web Part, and then click the Add button.
- In the Content Editor click the link: Click here to add new content.
- Navigate to HTML -> Edit HTML Source.
- While we are on this screen you can go ahead and delete the library view, because we are just using this library as a redirect for the work-around. Click on the down arrow on the right-hand side of the My Shared Documents View and click Delete.
The security trimming work-around is now in place! When you click on your “empty” library link (My Shared Documents) in the Quick Launch bar, it will redirect you to the secondary view of the Shared Documents Library that only contains documents created by the logged-in user.