Skip to main content

How does permission-driven security work in SharePoint (also known as security trimming)

One of the biggest concerns companies have out there is that by switching to SharePoint, companies will loose the ability to keep private data private. This is an absolutely wrong assumption. In fact, SharePoint is rock solid when it comes to security and security configuration. It uses a concept called “Security Trimming”. I personally call it permission-driven SharePoint. Let me explain what this is all about.

In pure English, what permission-driven or security trimming means is that if you don’t have access to something in SharePoint, you won’t even know it exists. For example, here is a typical scenario. You create a confidential site, like HR Private site or Executive Leadership team site. You upload some confidential documents into the sites/document libraries. Moreover, you add the site to the Intranet navigation.

And this is where SharePoint security trimming does its thing. Only those who have access to these “private” sites will see the site in the navigation. Moreover, if users do a keyword search in SharePoint, the global search will only turn up results from the sites they have access to. So if a guy from Marketing department does a keyword search in SharePoint and so does the CEO of a company, they will get different navigation and search results based on their security groups and permissions.

securitytrimming3

The same exact concept applies to Office 365 Delve. You know when you visit a user Delve page, it shows their latest activity (files, pages, and sites they last modified)? Users will only get to see the activity from sites they have access to. So if you just happened to modify somebody’s performance review, don’t worry, they will not see it in the Office 365 Delve feed. If you think about it, this works exactly like Facebook – you only get to see feeds from users you are friends with.

securitytrimming1

How do I enable security trimming in SharePoint?

You don’t need to setup anything – it is a default behavior Out of the Box!

How do I disable security Trimming in SharePoint?

You cannot disable Search security trimming, however, you can disable Navigation security trimming. This is strongly discouraged, but if you insist – below are the instructions. Please note this only works on site collections with Publishing features enabled.

  1. Go to Gear Icon > Site Settings > Site Collection Navigation (under Site Collection Administration)
  2. Uncheck “Enable security trimming” boxsecuritytrimming2
  3. Click OK

Security Trimming Exceptions

There are few exceptions to Navigation security trimming. Navigation security trimming will not work:

  • For navigation menu links to sites in other site collections
  • For navigation menu links built using Term Store (managed navigation)
  • For navigation links built with Links web part or Promoted Links web part
  • For navigation links created in SharePoint lists, libraries or inserted onto the pagesecuritytrimming4

You may also like

SharePoint Administrator Roles demystified

November 9th, 2017

You may also like

Share vs. Get a link in SharePoint and OneDrive

May 8th, 2017

You may also like

How to audit employees in SharePoint Online and Office 365

March 23rd, 2017

Need SharePoint Help?

Hourly consulting, training and configuration services are available

Learn More