Doesn't Publishing Pages get security-trimmed?
-
09-12-2019 - |
Question
I am testing the SharePoint navigation with this setup.
Root-Site `All have access`
----SubSite1 `UserA does not have access`
--------SubSite1/Pages/default.aspx `inherits permissions from SubSite1`
If I create a heading or link in the Navigation Settings which refers to SubSite1 it will not be shown to UserA, which is correct behaviour.
But if I create a heading or link in the Navigation Settings to SubSite1/Pages/default.aspx it will be shown to the UserA
Why is this? Is this a shortcoming of SharePoint? In that case how do I make PortalSiteMapProvider to also security-trim pages?
Solution
After long time of no answer I kinda managed to answer my own question, which might be of help to future developers.
ACL Caches the permissions. My problem was that when I made a navigationlink to a page and the chagned the permission of that page afterwards the problem could be seen.
But if I first made changes to the permission and then made a link to this page, everything worked. However, a IISReset also fixes the issue since it wipes the ACL Cache.