Showing/Hiding the Ribbon Based on Permissions

I’ve got a task to check why the ribbon was not being displayed for a user with full control on a page on a SharePoint 2010 Publishing site.

Requirements-wise the request made total sense: the user with full control permissions on a page should be able to see the ribbon, check the page out, edit the page, check it back in and publish it. During my tests I noticed the master page had an SPSecurityTrimmedControl control around the ribbon. This control was preventing the ribbon from being shown for the user because it was configured to only show it for users with ManageWeb permissions.

<SharePoint:SPSecurityTrimmedControl
    ID="TrimRibbon"
    PermissionsString="ManageWeb"
    runat="server">

Checking the list of SPBasePermissions values for the PermissionsString property, I was able to find the permission I wanted to use: EditListItems. This way all users with permissions to edit items/pages can see the ribbon.

When I changed the SPSecurityTrimmedControl control to use the EditListItems permission and published the master page, the user was still not seeing the ribbon.

After a couple of tests using different permissions, I found an article by Infowise explaining the details of the SPSecurityTrimmedControl control and the usage of the PermissionContext property. This property controls the scope at which the PermissionsString property is evaluated, and by default it uses CurrentSite. Some of the SPBasePermissions values are scoped to the List or List Item.

In order for my permission check to work, I had to add the PermissionContext property to the SPSecurityTrimmedControl control using the CurrentItem value:

<SharePoint:SPSecurityTrimmedControl
    ID="TrimRibbon"
    PermissionsString="EditListItems"
    PermissionContext="CurrentItem"
    runat="server">

After this change, the user was able to see the ribbon on the pages he had full control permission on and the site admins are still able to see it.
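To see why the same PermissionsString value passes at one scope and fails at another, the check can be reproduced with the server object model. The following is an added example, not part of the original post and not the control's own implementation; the class name RibbonTrimDiagnostics is hypothetical, and it assumes it runs inside a SharePoint 2010 page request as the affected user, covering the CurrentSite, CurrentList and CurrentItem scopes.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;

// Added diagnostic sketch (hypothetical class name): reports whether the
// current user holds the given permissions on the web, list and item of the
// current request, the objects the CurrentSite, CurrentList and CurrentItem
// values of PermissionContext refer to.
public static class RibbonTrimDiagnostics
{
    public static IDictionary<string, bool> Check(string permissionsString)
    {
        // Accepts the same names as the PermissionsString attribute,
        // e.g. "EditListItems" or "ManageWeb" (comma-separated for several).
        SPBasePermissions mask = (SPBasePermissions)Enum.Parse(
            typeof(SPBasePermissions), permissionsString, true);

        SPContext ctx = SPContext.Current;
        if (ctx == null)
        {
            throw new InvalidOperationException(
                "No SPContext: call this from within a SharePoint page request.");
        }

        var result = new Dictionary<string, bool>();

        // Default scope: the permission must be held on the web itself.
        result["CurrentSite"] = ctx.Web.DoesUserHavePermissions(mask);

        // List and ListItem are only populated when the request targets a
        // list or a page stored in one (such as a publishing page).
        if (ctx.List != null)
        {
            result["CurrentList"] = ctx.List.DoesUserHavePermissions(mask);
        }
        if (ctx.ListItem != null)
        {
            // An item with unique permissions can grant rights that the
            // user does not hold on the parent list or web.
            result["CurrentItem"] = ctx.ListItem.DoesUserHavePermissions(mask);
        }
        return result;
    }
}
```

For a user who has full control only on the page, Check("EditListItems") is expected to report false for CurrentSite and true for CurrentItem, which matches the behaviour described above. The control only decides whether its child markup is rendered; SharePoint still enforces the item's permissions on the server when the page is edited.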

 

During my research, I also found this other article explaining a little bit more about the SPSecurityTrimmedControl control. It is worth checking out.

 

 

See you,

Amadeu.