Hide "Site Actions" for the anonymous users (The easy way)

Many times you need to give your anonymous users an access to add information to a part of your site (ex a feedback list ), but you do not want to give them any more privileges. That would be easy, you edit the permissions for your list, you give the anonymous users the permission to add, or edit. All will be fine except that when the users open the new item form (normally called NewForm.aspx) they will have the “Site Actions” dropdown enabled with the action “View All Site Content”. He can click this and see the entire site content page “*/_layouts/viewlsts.aspx”. Though he might not see anything he is not permitted to see but this is annoying. There is a logic inside SharePoint technologies for this behavior but it does not seem to be valid in the public facing website for anonymous users.

Do not worry; there is a solution for this. And the solution is so easy. Using the SharePoint:SPSecurityTrimmedControl object in your master page you can solve this, so let’s do it step by step.

Firstly create the permission level appropriate for the users who shall see the “Site Actions” dropdown. Go to “Site Permissions” from the site collection root, from settings dropdown choose “Permission Levels”:

You can create a new permission level or you can open “Contribute” then click “Copy Permission Level” as I did and then name your new level like “My Permission”. By default it will take all the permissions in the “Contribute” level. I added two levels for my users as they need these permissions to control the site: “Manage Site” and “Add and Customize Pages” from “Site Permission” section.

I created a new group “My Group” and added all the users that will control the site. Then, I added this permission level on the “Site Permission” page to this group:

Click the image to enlarge

Now go to the master page you use and look for the “Site Action” code, it might look like this:

Or like this:

<SharePoint:SiteActions runat="server" AccessKey="<%$Resources:wss,tb_SiteActions_AK%>" id="SiteActionsMenuMain"
         PrefixHtml="<div><div>"
         SuffixHtml="</div></div>"
         MenuNotVisibleHtml=" ">
   ........ other custom code .........
</SharePoint:SiteActions>

Now add this code to contain the “Site Actions” object:

<SharePoint:SPSecurityTrimmedControl ID = "spstcSiteActions" runat = "server" PermissionsString = "ManageWeb" > ……your site actions object …… </SharePoint:SPSecurityTrimmedControl>

Your code will look like this:

<SharePoint:SPSecurityTrimmedControl ID = "spstcSiteActions" runat = "server" PermissionsString = "ManageWeb" >
<span class="siteActionMenu">
<PublishingSiteAction:SiteActionMenu runat="server"/>
</span>
</SharePoint:SPSecurityTrimmedControl>

Or like this:

<SharePoint:SPSecurityTrimmedControl ID = "spstcSiteActions" runat = "server" PermissionsString = "ManageWeb" >
<SharePoint:SiteActions runat="server" AccessKey="<%$Resources:wss,tb_SiteActions_AK%>" id="SiteActionsMenuMain"
PrefixHtml="<div><div>"
SuffixHtml="</div></div>"
MenuNotVisibleHtml=" ">
........ other custom code .........
</SharePoint:SiteActions>
</SharePoint:SPSecurityTrimmedControl>

Now you are done. “Site Actions” will appear only for the users who have the “Manage Site” permission. If you would like users with less permission to see “Site Actions” you can change or add these permission in the “PermissionsString” property. Example: PermissionsString: " ManageLists" or PermissionsString: "ManageWeb, ManageLists". For all the available permissions you can add and assign to users please see the following table:

List Permissions

ManageLists
CancelCheckout
AddListItems
EditListItems
DeleteListItems
ViewListItems
ApproveItems
OpenItems
ViewVersions
DeleteVersions
CreateAlerts
ViewFormPages

Personal Permisions

ManagePersonalViews
AddDelPrivateWebParts
UpdatePersonalWebParts

Hi,

Its really use full article for me.

Thanks for post.

You're using the default search results page that is in Templates folder. This page uses a different master page also on the Templates folder. I advise you to create your own search center and use your publishing master page then it will work. To learn how to create your own search center and brand it with your master page read my article "Creating your own search center in MOSS 2007" on this blog

I've modified my default master file to hide the site actions for anybody who doesn't have ManageWeb permissions, but it STILL shows up on my search results page (the default page _layouts/OSSSearchResults.aspx). Any ideas how to get rid of it on search too? I've been trying to find a solution for days now!