Custom security trimmer for Sharepoint 2016
https://sharepoint.stackexchange.com/questions/217729
-
23-12-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
We are implementing a web part which will show all the site collections on which user has access(Admin/Member/Read).
But we don't want to show site collections , on which user has access through Everyone/All Authenticated Users group access.
Can anybody tell me how to implement security Pre-trimming for SharePoint 2016 Server search results which will trim site collections which have access to user through Everyone/All Authenticated Users groups.
Solution
The below instructions apply at least to 2013 version of SP (got no 2016 to verify how they'd work on it).
You can query all sites of the site index by using a Content Search Web Part and by setting your own query. The query such as
`contentclass:STS_Site path:"https://yourlocation" -Path={Site.URL}
does the job for this. Here
contentclass:STS_Sitedefines the return type to SharePoint site collections;path:"https://yourlocation"defines the path to be queried including the URL itself and all the subsites below that level. Note that this returns also the possible subsubsites, etc.-Path={Site.URL}excludes the site the web part is located at. This is what you need if you want to search the sites below the current site level, but if you'd search for sites from another location, you could exclude the parent level by e.g. its name -SiteTitle<>SiteNamewhere<>meansNot equals.
Now as you want to exclude results where the permission has been given through the user group, you need to supplement the above query with
-AssignedTo:Everyone
Where - gives the negation. So the final query would be:
`contentclass:STS_Site path:"https://yourlocation" -Path={Site.URL} -AssignedTo:Everyone
If you are interested about further query building possibilities with a CSWP, have a look at: https://technet.microsoft.com/en-in/library/jj683123.aspx?f=255&MSPPError=-2147217396
It's possible, that the returned site collections on the CSWP are formatted as texts without links to the actual paths, which would require a bit further work as detailed below:
For the link you need to customize an available property. From the site collection's root level access Search Schema -settings, search for an available (non-customized) RefinableStringXX where XX is a number from 00 to 99. Choose Edit/Map Property for the selected property. On the Mappings to crawled properties open Add a Mapping, search for ows_SiteName and add it. Now you can use the customized RefinableString property on the CSWP.
Note that the changes to the customized property will be applied during the next incremental crawl. The same applies for the CSWP generally - the crawled items will update after the incremental crawls.
Note the difference between Everyone and All Authenticated Users:
- All Authenticated Users: Active Directory accounts and other accounts (External/MicrosoftID/etc.)
- Everyone: AD accounts, other accounts and Anonymous users
