locked
SharePoint 2010 Top Link Inheritence and Permissions RRS feed

  • Question

  • We have an issue in SharePoint (Enterprise) 2010 with our Top Link NavBar inheritance and permissions across sub-sites.

    Current Configuration

    We have a root site collection: RSC1. Under the root site collection we have 2 (sub) sites:  Site1 and Site2.

    Each sub site Site1 and Site2 does not inherit security permissions from the root site collection RSC1.  However, it does inherit the Top Link Bar.

    We have a number of users who can access the sites.

    • Site1User - Member of the 'Site1 Members' which have the Contribute Permission.
    • Site1Admin - Member of the 'Site1 Owners' which has the Full Control Permission.

    Site1Admin and Site1User do not have any permission to access Site2.  If they navigate directly to this site they get the Access Denied error.

    Access Issues

    • When Site1User accesses the RSC1 site, they see Home and Site1 links in the Top Link Bar Navigation. 

    • When Site1User visits the Site1 site, they see Home and Site1 links in the Top Link Bar. This is how I expect it to work.

    • When Site1Admin accesses the RSC1 site, they see Home and Site1 links in the Top Link Bar Navigation. 

    • When Site1Admin visits the Site1 site, they see Home, Site1 and Site2 links in the Top Link Bar.
    • When Site1Admin clicks the Site2 link they get the Access Denied screen.  Clicking "Back To Site" link takes them back to Site2 Home Page, which they don't have access to, and therefore they are in an endless loop (which the admin users do not like).

    I would expect Site1Admin not to see the Site2 site in the Top Link Bar Navigation from Site1 as they do not have permission to access this site.  Why are these security checks performed differently at root site collection and subsite level?

    However, as this is still essentially my first SharePoint 2010 project I am a bit baffled.  Any thoughts on how I can prevent Site1Admin from seeing the Site2 link from the Site1?

    Looking at the site navigation direct from a C# Console application I can see that TargetSecurityScopeId is set - which corresponds to the Site2 Id (GUID).

    If I stop inheriting the parent Top Navigation Bar and add a SPNavigationNode which points to Site2, the Site1Admin can still see Site2 in the top navigation bar links. When they click on it they get the Access Denied. Either isExternal constructor parameter is true or false:

    SPNavigationNode ssfdmNew = new SPNavigationNode("SSFDM", spWeb.Webs["SSFDM"].ServerRelativeUrl, true);

    or

    SPNavigationNode ssfdmNew = new SPNavigationNode("SSFDM", spWeb.Webs["SSFDM"].ServerRelativeUrl, false);

    Thanks

    Andez


    Andez (Please mark as answer if it helps)


    • Edited by Andez Thursday, November 14, 2013 4:06 PM
    Thursday, November 14, 2013 4:01 PM

Answers