Forum Discussion
SharePoint "Sites" Web Parts - Selected Sites Needs to be Security Trimmed
This isn't currently a supported capability in the sites web part. In "select" mode you're defining specific sites/links to display. SharePoint displays them. If the user doesn't have access to the site they won't see the tidbits or info about the site (as we do a search query to retrieve that data from the site, as the user), but they'll still see the site as you've specifically chosen to display it. This is similar to modern navigation and quick links. If you choose to display X site, we display it. If the user clicks it, they don't have access to it (of course). Security trimming explicitly added user content would seem to me to be counter-intuitive... not to mention not very performant for page loading (if every link added to every page had to be checked for permissions to simply display the link for every viewer).
Always open to feedback on what we've created, and how we can improve it.
When I select "All Sites in Hub" the web part is security trimmed. I am only seeing what I have permission to.
However, when I click on "Select Sites" and manually select the site to list, I see all the sites regardless if I have permission to see them. I get a "You need permission to access this site" when I click on them.
Ideally, I would like to be able to use the "Select Sites" but still have it security trimmed. Meaning of the sites I select, I still only see those I have permission to see.
MicrosoftThis isn't currently a supported capability in the sites web part. In "select" mode you're defining specific sites/links to display. SharePoint displays them. If the user doesn't have access to the site they won't see the tidbits or info about the site (as we do a search query to retrieve that data from the site, as the user), but they'll still see the site as you've specifically chosen to display it. This is similar to modern navigation and quick links. If you choose to display X site, we display it. If the user clicks it, they don't have access to it (of course). Security trimming explicitly added user content would seem to me to be counter-intuitive... not to mention not very performant for page loading (if every link added to every page had to be checked for permissions to simply display the link for every viewer).
Always open to feedback on what we've created, and how we can improve it.