Skip to main content
< All Articles

How does permission-driven security work in SharePoint (also known as security trimming)

Posted on March 30, 2017
SharePoint

One of the biggest concerns companies have out there is that by switching to SharePoint, companies will lose the ability to keep private data private. This is an absolutely wrong assumption. In fact, SharePoint is rock solid when it comes to security and security configuration. It uses a concept called “Security Trimming.” I personally call it permission-driven SharePoint. Let me explain what this is all about.

In pure English, what permission-driven or security trimming means is that if you don’t have access to something in SharePoint, you won’t even know it exists. For example, here is a typical scenario. You create a confidential site, like the HR Private site or the Executive Leadership team site. You upload some confidential documents into the sites/document libraries. Moreover, you add the site to the Intranet navigation.

And this is where SharePoint security trimming does its thing. Only those who have access to these “private” sites will see the site in the navigation. Moreover, if users do a keyword search in SharePoint, the global search will only turn up results from the sites they have access to. So if a guy from the Marketing department does a keyword search in SharePoint, and so does the CEO of a company, they will get different navigation and search results based on their security groups and permissions.

securitytrimming3

The same exact concept applies to Office 365 Delve. You know when you visit a user’s Delve page, it shows their latest activity (files, pages, and sites they last modified)? Users will only get to see the activity from sites they have access to. So if you just happened to modify somebody’s performance review, don’t worry; they will not see it in the Office 365 Delve feed. If you think about it, this works exactly like Facebook – you only get to see feeds from users you are friends with.

securitytrimming1

How do I enable security trimming in SharePoint?

You don’t need to set up anything – it is a default behavior Out of the Box!

How do I disable security Trimming in SharePoint?

You cannot disable Search security trimming, however, you can disable Navigation security trimming. This is strongly discouraged, but if you insist – below are the instructions. Please note this only works on site collections with Publishing features enabled.

  1. Go to Gear Icon > Site Settings > Site Collection Navigation (under Site Collection Administration)
  2. Uncheck “Enable security trimming” boxsecuritytrimming2
  3. Click OK

Security Trimming Exceptions

There are few exceptions to Navigation security trimming. Navigation security trimming will not work:

  • For navigation menu links to sites in other site collections
  • For navigation menu links built using Term Store (managed navigation)
  • For navigation links built with Links web part or Promoted Links web part
  • For navigation links created in SharePoint lists, libraries or inserted onto the pagesecuritytrimming4

About Me

I’m Greg Zelfond, a U.S. based SharePoint consultant, and I provide affordable out-of-the-box SharePoint consulting, training, and configuration assistance to small and medium-sized businesses all over the world.

Need help?