locked
How to limit access to sharepoint web part RRS feed

  • Question

  • I would like to restrict access to my newly developed webpart to only a certain group of users who belong to active directory group. I came across a few articles on MS website but none of them provide step by step information as to how this can be achieved. Can anyone tell me what changes are required in web.config or how to create policy file? I am not concerend about code security but my concern is to limit access to web part.

    Thanks in advance,

    PM


    Palak Mody

    Tuesday, April 10, 2012 11:41 PM

Answers

  • Hi Palak,

    By default, every web part (out of the box or custom) in the Web Part Gallery is available to content contributors when they click on Add a Web Part in edit mode. There may be times where you want to limit what web parts certain contributors have access to use. For example, to provide only the common web parts to keep it simple, or to control the use of custom web parts. Like anything else in SharePoint, these are also security trimmed.

    From the Web Part Gallery (Site Actions, Site Settings, Modify All Site Settings, then click Web Parts under Galleries), click the edit icon for the web part you want to hide. From the edit screen, click Manage Permissions. Like trimming permissions anywhere else in the site, break permissions by clicking Actions / Edit Permissions. Remove the groups you want to limit from accessing the web part.

    By default, every web part (out of the box or custom) in the Web Part Gallery is available to content contributors when they click on Add a Web Part in edit mode. There may be times where you want to limit what web parts certain contributors have access to use. For example, to provide only the common web parts to keep it simple, or to control the use of custom web parts. Like anything else in SharePoint, these are also security trimmed.
    From the Web Part Gallery (Site Actions, Site Settings, Modify All Site Settings, then click Web Parts under Galleries), click the edit icon for the web part you want to hide. From the edit screen, click Manage Permissions. Like trimming permissions anywhere else in the site, break permissions by clicking Actions / Edit Permissions. Remove the groups you want to limit from accessing the web part.
    The trick is getting your groups set up so that you can limit web part access to those you want while not limiting other users. For example, if you remove a group where only some are to be limited while others in that group still need access to add that web part, you'll need to make sure those other users belong to another group that retains permissions to add the web part.

    For more information, please refer to the following link:
    http://www.thesug.org/Blogs/sharepointunwrapped/archive/2009/04/17/Limiting_the_Web_Parts_Available_to_Users.aspx.aspx

    Thanks,
    Lhan Han
    Thursday, April 12, 2012 3:50 AM
    Moderator

All replies

  • I would like to restrict access to my newly developed webpart to only a certain group of users who belong to active directory group. I came across a few articles on MS website but none of them provide step by step information as to how this can be achieved. Can anyone tell me what changes are required in web.config or how to create policy file? I am not concerend about code security but my concern is to limit access to web part.

    Thanks in advance,

    PM


    Palak Mody

    Tuesday, April 10, 2012 11:40 PM
  • By limit access do you mean limit other user's abilty to add it to the page or their ability to see the web part?

    If its the former then you need to set custom security permissions on the .webpart file deployed to the webpart gallery.  User's must have read access to that file to add the web part to the page.  If you want only certain users to see the output of the webpart then you should buld that into the pre-render event of the web part and toggle the visiblity of the web part if a user isn't in the right group.  There is no way to limit access to the web part by modifying the web.config or applying a custom CAS policy.


    Paul Stork SharePoint Server
    MVP Chief SharePoint Architect: Sharesquared
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

    Tuesday, April 10, 2012 11:53 PM
  • I don't think you can configure the access at the web part level. The security groups only works at page level in a site. you cannot set the security to a individual web part.

    If only you want to hide the web part then you can go for the audience feature in SharePoint. Do a profile import from your active directory and create the audience. Set the audience targetting to your web part. This will help you.


    Kathir

    Wednesday, April 11, 2012 2:47 AM
  • Thanks Paul for your response. I think I would like to restrict the ability for the user to add web part to a page, knowing that it would surely restrict them from seeing the output of the webpart.

    For this purpose, what kind of changes I would need to make to the .webpart file? Do you know of a link that illustrates this?

    Thanks,

    PM


    Palak Mody

    Wednesday, April 11, 2012 4:28 PM
  • Hi Palak,

    By default, every web part (out of the box or custom) in the Web Part Gallery is available to content contributors when they click on Add a Web Part in edit mode. There may be times where you want to limit what web parts certain contributors have access to use. For example, to provide only the common web parts to keep it simple, or to control the use of custom web parts. Like anything else in SharePoint, these are also security trimmed.

    From the Web Part Gallery (Site Actions, Site Settings, Modify All Site Settings, then click Web Parts under Galleries), click the edit icon for the web part you want to hide. From the edit screen, click Manage Permissions. Like trimming permissions anywhere else in the site, break permissions by clicking Actions / Edit Permissions. Remove the groups you want to limit from accessing the web part.

    By default, every web part (out of the box or custom) in the Web Part Gallery is available to content contributors when they click on Add a Web Part in edit mode. There may be times where you want to limit what web parts certain contributors have access to use. For example, to provide only the common web parts to keep it simple, or to control the use of custom web parts. Like anything else in SharePoint, these are also security trimmed.
    From the Web Part Gallery (Site Actions, Site Settings, Modify All Site Settings, then click Web Parts under Galleries), click the edit icon for the web part you want to hide. From the edit screen, click Manage Permissions. Like trimming permissions anywhere else in the site, break permissions by clicking Actions / Edit Permissions. Remove the groups you want to limit from accessing the web part.
    The trick is getting your groups set up so that you can limit web part access to those you want while not limiting other users. For example, if you remove a group where only some are to be limited while others in that group still need access to add that web part, you'll need to make sure those other users belong to another group that retains permissions to add the web part.

    For more information, please refer to the following link:
    http://www.thesug.org/Blogs/sharepointunwrapped/archive/2009/04/17/Limiting_the_Web_Parts_Available_to_Users.aspx.aspx

    Thanks,
    Lhan Han
    Thursday, April 12, 2012 3:50 AM
    Moderator
  • "If you want only certain users to see the output of the webpart then you should buld that into the pre-render event of the web part and toggle the visiblity of the web part if a user isn't in the right group.  There is no way to limit access to the web part by modifying the web.config or applying a custom CAS policy."

    Totally incorrect. Have you heard of Audience?


    Regards,
    Hristo Yankov


    Thursday, August 21, 2014 10:48 AM
  • You can restrict a user from adding a web part to the page by changing permissions on the .Webpart or .DWP file in the web part gallery.  But once the web part has been added to the page by someone else the user would still see the output whether they can add it to the page or not.

    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

    Saturday, August 23, 2014 4:20 PM