SPSecurityTrimmedControl – Possible Values for PermissionsString

I’m working on an Intranet where virtually everyone will be a Contributor.  We’ve built custom navigation paths to customized forms for the content input, so we want to hide the “View All Site Content” links on every page.  We want to hide it from everyone except the users who have Full Control.

The master page, by default, shows this link as follows (formatted for readability):

<Sharepoint:SPSecurityTrimmedControl runat="server" PermissionsString="FullMask">
  <div>
    <SharePoint:SPLinkButton id="idNavLinkViewAll" runat="server" NavigateUrl="~site/_layouts/viewlsts.aspx" Text="<%$Resources:wss,quiklnch_allcontent%>" AccessKey="<%$Resources:wss,quiklnch_allcontent_AK%>"/>
  </div>
</SharePoint:SPSecurityTrimmedControl>

Easy to find in the master, but what values are available for PermissionsString?  Not an easy thing to find, but if you look at the bottom of this MSDN page at the Community Content, you’ll see the available values.  Thanks to Zac Smith in NZ for posting this!  (Here’s a link to his original blog post.  The one in the MSDN page is no longer valid.)  We’ll experiment with what value works best in our situation.

List Permissions Site Permissions Personal Permissions
ManageLists
CancelCheckout
AddListItems
EditListItems
DeleteListItems
ViewListItems
ApproveItems
OpenItems
ViewVersions
DeleteVersions
CreateAlerts
ViewFormPages
ManagePermissions
ViewUsageData
ManageSubwebs
ManageWeb
AddAndCustomizePages
ApplyThemeAndBorder
ApplyStyleSheets
CreateGroups
BrowseDirectories
CreateSSCSite
ViewPages
EnumeratePermissions
BrowseUserInfo
ManageAlerts
UseRemoteAPIs
UseClientIntegration
Open
EditMyUserInfo
ManagePersonalViews
AddDelPrivateWebParts
UpdatePersonalWebParts

6 Comments

  1. hi Marc D Anderson’s ,

    The permission string=full control was really helped me.thanks Marc D Anderson’s .

    thanks
    mariselvan

    Reply
  2. I was trying to apply these permission strings to user groups, and it seemed counter intuitive. Is there a method for restricting access based on the user group opposed to these permission strings?

    For example I want people with “Read” access to view a specific HTML (in this case a button) whereas I want people with “Contribute” access to view other HTML. What I’ve currently done is attempt to map the Site Permissions to user group, which worked well for “Full Control” and “Read” but was convoluted for “Contribute” access.

    My results were as follows:
    Full Control = ManageWeb
    Contribute = BrowseDirectories
    Read = ViewPages

    This is based on the assumption that the default OOB permissions are used.

    Reply
    • John:

      It’s a bit orthogonal, unfortunately. The roles Read, Contribute, etc. are basically bundles of the various 32 primitive permission values. They are bit-wise ANDed to determine access. You’re heading in the right direction, though.

      If you go to _layouts/role.aspx in the site you want to work in, you’ll see all of the available roles. Clicking on a role shows you which of the 32 permission levels that role has. If you can determine unique permission level for each, you can do what you want.

      M.
      Contributor Permission Levels

      Reply

Leave a Reply