Hide Site Settings & Site Contents From Gear Button In SharePoint 2013
Introduction
SharePoint 2013 provides a robust platform for collaboration and content management. The Gear button, located at the top right corner of the SharePoint site, offers quick access to various site settings and features. However, by default, all users can view and access these settings, which may not be desirable in certain scenarios. In this article, we will explore how to hide the "Site Contents" and "Site Settings" options from the Gear button, making them accessible only to administrators.
Why Hide Site Settings & Site Contents?
There are several reasons why you might want to hide the "Site Contents" and "Site Settings" options from the Gear button:
- Security: By limiting access to these settings, you can prevent non-administrators from making changes that could compromise the site's security or integrity.
- Productivity: Hiding these settings can help reduce clutter and distractions, allowing users to focus on their work without being tempted to explore settings that are not relevant to their role.
- Governance: By controlling access to site settings, you can ensure that changes are made in a controlled and approved manner, reducing the risk of unintended consequences.
Changing Permission String Value
To hide the "Site Contents" and "Site Settings" options from the Gear button, you can try changing the permission string value. This involves modifying the SPSecurity class to filter out the "Site Contents" and "Site Settings" links.
Here's an example of how you can achieve this:
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration;
public class CustomSecurity
{
public static void FilterSiteSettingsLinks(SPWeb web)
{
// Get the current user's permissions
SPUser user = web.CurrentUser;
// Check if the user is an administrator
if (user.IsSiteAdmin)
{
// Do nothing, allow access to site settings
}
else
{
// Filter out the "Site Contents" and "Site Settings" links
web.Navigation.FilteredTopNavigation = new SPNavigationFilterPageCollection(web);
web.Navigation.TopNavigation = new SPNavigationFilterPageCollection(web);
}
}
}
Registering the Custom Security Class
To register the custom security class, you'll need to add a new event receiver to the SharePoint site. This will allow you to execute the custom security code when the site is initialized.
Here's an example of how you can register the custom security class:
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration;
public class CustomSecurityEventReceiver : SPFeatureReceiver
{
public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
// Get the current web
SPWeb web = properties.Feature.Parent as SPWeb;
// Register the custom security class
web.Site.WebApplication.AddWebConfigModification(
"System.Web.Extensions",
"add",
"<pages controlRenderingCompatibilityVersion=\"4.0\" enableEventValidation=\"true\" enableViewStateMac=\"true\" validateRequest=\"false\"/>",
"system.web/pages",
"http://schemas.microsoft.com/sharepoint/2010/config",
true,
true
);
// Filter out the "Site Contents" and "Site Settings" links
CustomSecurity.FilterSiteSettingsLinks(web);
}
}
Configuring the Custom Security Class
To configure the custom security class, you'll need to add a new feature to the SharePoint site. This will allow you to specify the permissions and settings for the custom security class.
Here's an example of how you can configure the custom security class:
<?xml version="1.0" encoding="utf-8"?>
<Feature xmlns="http://schemas.microsoft.com/sharepoint/">
<Properties>
<Property Key="Title" Value="Custom Security" />
<Property Key="Description" Value="Custom security class for SharePoint 2013" />
</Properties>
<ActivationDependencies>
<ActivationDependency Id="Microsoft.SharePoint" />
</ActivationDependencies>
<ElementManifests>
<ElementManifest Location="CustomSecurity.xml" />
</ElementManifests>
</Feature>
Conclusion
Hiding the "Site Contents" and "Site Settings" options from the Gear button in SharePoint 2013 can be achieved by modifying the permission string value and registering a custom security class. By following the steps outlined in this article, you can ensure that these settings are accessible only to administrators, reducing the risk of security breaches and improving overall site governance.
Best Practices
When implementing custom security classes in SharePoint 2013, it's essential to follow best practices to ensure that your solution is secure, scalable, and maintainable. Here are some tips to keep in mind:
- Use secure coding practices: When writing custom code, use secure coding practices to prevent common web application vulnerabilities such as SQL injection and cross-site scripting (XSS).
- Test thoroughly: Thoroughly test your custom security class to ensure that it works as expected and doesn't introduce any security vulnerabilities.
- Monitor and maintain: Regularly monitor and maintain your custom security class to ensure that it remains secure and up-to-date.
Introduction
In our previous article, we explored how to hide the "Site Contents" and "Site Settings" options from the Gear button in SharePoint 2013. This can be achieved by modifying the permission string value and registering a custom security class. In this article, we will answer some frequently asked questions (FAQs) related to this topic.
Q: Why do I need to hide the "Site Contents" and "Site Settings" options?
A: Hiding these options can help improve site security and governance by limiting access to sensitive settings and features. This can also help reduce clutter and distractions, allowing users to focus on their work without being tempted to explore settings that are not relevant to their role.
Q: How do I modify the permission string value?
A: To modify the permission string value, you can use the SPSecurity class to filter out the "Site Contents" and "Site Settings" links. This involves creating a custom security class that checks the user's permissions and filters out the links accordingly.
Q: What is the custom security class, and how do I register it?
A: The custom security class is a custom code that is executed when the site is initialized. It checks the user's permissions and filters out the "Site Contents" and "Site Settings" links. To register the custom security class, you need to add a new event receiver to the SharePoint site.
Q: How do I configure the custom security class?
A: To configure the custom security class, you need to add a new feature to the SharePoint site. This will allow you to specify the permissions and settings for the custom security class.
Q: What are the best practices for implementing custom security classes in SharePoint 2013?
A: When implementing custom security classes in SharePoint 2013, it's essential to follow best practices to ensure that your solution is secure, scalable, and maintainable. Some of the best practices include:
- Use secure coding practices: When writing custom code, use secure coding practices to prevent common web application vulnerabilities such as SQL injection and cross-site scripting (XSS).
- Test thoroughly: Thoroughly test your custom security class to ensure that it works as expected and doesn't introduce any security vulnerabilities.
- Monitor and maintain: Regularly monitor and maintain your custom security class to ensure that it remains secure and up-to-date.
Q: Can I use this solution in SharePoint Online?
A: Yes, you can use this solution in SharePoint Online. However, you may need to modify the code to accommodate the differences between SharePoint 2013 and SharePoint Online.
Q: How do I troubleshoot issues with the custom security class?
A: To troubleshoot issues with the custom security class, you can use the SharePoint logs and debugging tools to identify the source of the problem. You can also use the SharePoint SDK and documentation to get more information about the custom security class and how to troubleshoot it.
Conclusion
Hiding the "Site Contents" and "Site Settings" options from the Gear button in SharePoint 2013 can be achieved by modifying the permission string value and registering a custom security class. By following the steps outlined in this article and the FAQs, you can ensure that these settings are accessible only to administrators, reducing the risk of security breaches and improving overall site governance.
Additional Resources
For more information about custom security classes in SharePoint 2013, you can refer to the following resources:
- SharePoint 2013 SDK: The SharePoint 2013 SDK provides detailed information about custom security classes and how to implement them.
- SharePoint 2013 documentation: The SharePoint 2013 documentation provides information about custom security classes and how to troubleshoot issues with them.
- SharePoint community: The SharePoint community provides a wealth of information and resources about custom security classes and how to implement them.