How to manage Hub navigation security trimming

When you setup sites in a larger organization, you’re probably going to investigate Hub Sites to manage the site structure. The configuration of Hub Sites allows you to create a general navigation structure that automatically is pushed to all sites linked to the Hub site, hence assuring consistency, and limiting the amount of management to do.

While the general setup is straightforward, you may encounter exceptions where Hub navigation shouldn’t be pushed through.

Let’s take for example a Project Hub to group larger projects. In this case it would be advantageous that users who have no access to the other sites, would not see them. What are the best ways to handle this?

Option 1: plain old default settings

Yups, the first one is the easiest one; just working with the default options for Hub navigation. In this case you add links and headers to your Hub navigation, not considering permissions to the related sites.

Default Hub navigation Link Item

The biggest drawback here is that the navigation is not security trimmed, hence you’ll see items which you’re not allowed to see. Luckily the user will get an access denied when they click on one of the oof-limits items.

What happens in the background is that the hub navigation is stored in a hidden list, both in the Hub site, and a copy in each connected site in a hidden ‘/_catalogs/hubsite’ list. The structure is e.g.

{"headerEmphasis":null,"themeKey":null,"name":"Projects Hub","url":"https://tenant.sharepoint.com/sites/ProjectsHub","logoUrl":null,"logoFileHash":0,"usesMetadataNavigation":false,"megaMenuEnabled":false,"navigation":[{"Id":2006,"Title":"Project 1","Url":"https://tenant.sharepoint.com/sites/Project1","IsDocLib":false,"IsExternal":false,"ParentId":1002,"ListTemplateType":0,"AudienceIds":null,"CurrentLCID":1033,"Children":[]},{"Id":2007,"Title":"Project 2","Url":"https://tenant.sharepoint.com/sites/Project2","IsDocLib":false,"IsExternal":false,"ParentId":1002,"ListTemplateType":0,"AudienceIds":null,"CurrentLCID":1033,"Children":[]}],"isNavAudienceTargeted":false,"siteDesignId":"00000000-0000-0000-0000-000000000000","requiresJoinApproval":false,"hideNameInNavigation":false,"parentHubSiteId":"00000000-0000-0000-0000-000000000000","relatedHubSiteIds":null}

Option 2: Hub configuration – Audience targeting

Luckily Microsoft extended the navigation with an option to add audience targeting to navigation items. You first need to enable this by editing the Hub navigation and then enable the option at the bottom of the hub navigation pane.

When you now create or update a navigation item, you will notice that an option ‘Audiences to target’ has been added.

20210217-hubnavigationnewlinkwithaudiencetargeting

This option does give us a way to limit access to a navigation item, but if you’re having a large navigation to manage, and all items need to be restricted … it will take you some time and follow-up.

The moment you add an audience to a navigation item, an icon will be added in the overview to indicate this.

In the background the hiddenlist is updated to reflect this change by adding an audienceID and by setting isNavAudienceTargeted to ‘true’.

{"headerEmphasis":null,"themeKey":null,"name":"Projects Hub","url":"https://tenant.sharepoint.com/sites/ProjectsHub","logoUrl":null,"logoFileHash":0,"usesMetadataNavigation":false,"megaMenuEnabled":false,"navigation":[{"Id":2006,"Title":"Project 1","Url":"https://tenant.sharepoint.com/sites/Project1","IsDocLib":false,"IsExternal":false,"ParentId":1002,"ListTemplateType":0,"AudienceIds":null,"CurrentLCID":1033,"Children":[]},{"Id":2007,"Title":"Project 2","Url":"https://tenant.sharepoint.com/sites/Project2","IsDocLib":false,"IsExternal":false,"ParentId":1002,"ListTemplateType":0,"AudienceIds":["d20ecec6-2f1b-4dd0-a737-5249b7ac538c"],"CurrentLCID":1033,"Children":[]}],"isNavAudienceTargeted":true,"siteDesignId":"00000000-0000-0000-0000-000000000000","requiresJoinApproval":false,"hideNameInNavigation":false,"parentHubSiteId":"00000000-0000-0000-0000-000000000000","relatedHubSiteIds":null}

Option 3: Results web part on a page

The third option isn’t really a navigation solution, but rather a workaround roll-up to ensure security trimmed information is shown.

To achieve this, we revert to the “Highlighted Content” web part. With some basic settings, it can provide you with a security trimmed list of sites. In our example it’s easy, since each link in the hub navigation refers to a Project site, and each project site has one home page.

Option 4: Development

Since I’m not a developer (and I’m not soon going to become one 😊), I looked at a couple of documented developed implementations, of which two showed some merit.

Conclusion

We saw 4 different ways to create a ‘trimmed’ navigation. And although neither of them gave the perfect answer, each can be used in its specific context.

Hub sites have their merits and their limitations; it is up to the information architect to look at the relationship and interdependencies to go for the correct solution.

Option Security trimming Customizable Easy to setup Easy to maintain
Default Hub Navigation
No
No
Yes
Yes
Hub Navigation with Audience targeting
Yes
No
Yes
No
Highlighted contents
Yes
Limited
Yes
Yes
Default Hub Navigation
Yes
Yes
No
No

Maybe one could argue that it would be better not to use the Hub sites at all, then remember that Microsoft is working hard in bringing new features (such as syntex, site scripting, centralized color schemes) that will require a sound information structure where hub sites will play their part.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.