Disable or hide SharePoint “Send To” and “Open with Explorer” menu options


Tech Trek – 2011.08.15

PROBLEM:
I was building an InfoPath form that requires security from certain users of the solution. One of those involve preventing access to the following context menu and ribbon menu options:

  • Send To … Download a Copy
  • Open with Explorer

Unfortunately, these options becomes a loophole if they are available for the security mechanism that I was planning to enforce through browser-based form services. Note, configuring the “Default open behaviour for browser-based documents” in Advanced settings of form library doesn’t prevent a user from selecting the “Edit in InfoPath” option from item menu.

Downloading a local copy allows the end-user to see any restricted views while allowing the “Open with Explorer” option opens the WebDAV folder that could give access to other files in the form library. Not good!

SOLUTION:
As I conduct my research, it’s amazing how many programmers came up with different solutions to resolve such issue. Although, some are simple to implement one key criteria that I had in mind is a “no-code” solution since that is what SharePoint offers in the first place. So with that principle applied, I ended with configuring the permission levels to disable or hide such menu options in both the 2010 ribbon menu and item dropdown without opening SharePoint Designer that could affect any future upgrade issues.

Note, I’m not going to provide the steps here since most SharePoint administration references would walk through such configuration but the key site permission options to note are the following:

  • Use Remote Interfaces
  • Use Client Integration Features (removes Edit in … option)

The best practice is to copy a default permission level and remove the particular permissions that you want to exclude. Just a reminder that disabling the above permissions may include other features that you may want for your site so make sure to “test early and test often” with different accounts that would use the system. Lastly, I created a separate list view page that is similar to the All Items view in a secure document library so that only site administrators have access to it for additional security measures.

The end result, problem solved without custom coding.

References:
Technet User Permissions and Permission Levels (SharePoint 2010)
Technet Configure custom permissions (SharePoint 2010)

Advertisements

7 thoughts on “Disable or hide SharePoint “Send To” and “Open with Explorer” menu options

    1. FYano

      Thanks, Peter for the feedback.

      A couple of these are mental notes on my part and some posts do merit an outline since it does take a couple of configuration steps so I can replicate them much quicker in future projects.

      Also, good to see your posts at SharePoint Experts in LinkedIn.

  1. LeHung

    Absolutely right FYano

    But to hide “Open with Explorer”, you need to uncheck the “Browse Directories – Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces.”

  2. Thanks, LeHung.
    Thanks for pointing that out to other possible readers. I did confirm that “Browse Directories” is unchecked in the permission levels for end-users.

    I may re-write this blog post in the future to outline the steps that I made to accomplish this functionality.

  3. Pingback: Changing Permissions on Existing SharePoint Groups « BrainStorage

  4. Pingback: Custom Permission Level to Restrict Download, Delete, and SentTo Destination « BrainStorage

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s