Advertisements

Are you suffering from TMSTGNS (Too Much Security Trimmed Global Navigation Syndrome)?


Is your site collection acting sluggish? Seeing load times of 5-15 seconds on any page or resource? Are other web applications and site collections in your farm acting just fine? Are server resources not over utilized? You may be suffering from Too Much Security Trimmed Global Navigation Syndrome (TMSTGNS). We will walk through some background information, symptoms, diagnosis, as well as ways you can bring your site collection back to life, and still allow your users to get where they need to go.

What is the “Global Navigation”?

Also known as the Top Navigation, or the Top Link Bar in SharePoint. You see it as the horizontal navigation at the top of your pages. See the image below as a reference (highlighted in yellow):

image

What is the cause of TMSTGNS?

The global navigation in SharePoint is generally used to get around to sites and pages within your site collection –  based on the configuration from the Look and Feel groups in the Site Settings page for each of your sites. This is found under Site Actions > Site Settings > Look and Feel > Navigation

image

And once there, you can configure the dynamic nature of the menus (to automatically show subsites and pages for each of the sites, and whether or not to inherit navigation from those sites)

image

Also, by default, there are some settings which are not displayed on this page, which affect your navigation. Those settings are found at the site collection level under Site Actions > Site Settings > Site Collection Administration > Site collection navigation

image

The settings found within this little-used configuration screen are the root cause of TMSTGNS, and give the syndrome part of it’s name, Security Trimmed (ST).

image

As you can see in the highlighted sections above, in this screen are options to Enable security trimming, and to Enable audience targeting. What do these do you ask?

Security trimming, as the description above implies, will hide navigation links for sites or pages the user does not have access to. For instance, if only the Finance department had access to the Finance department team site, then with this option enabled, people who are in Human Resources would not see the navigation node for Finance. Now, this sounds like a great idea, right?

Audience targeting is similar. Under Site Actions > Site Settings > Look and Feel > Navigation, when you are adding a link or a header, you have the option to specify a targeted audience, so only those who are within those audiences can see those links.

SNAGHTML13964a3f

Yes, it is a good idea, keep things hidden that shouldn’t be seen if you do not have access, however, as your site collection grows to hundreds of sites, each which hang off of the Global Navigation, either directly there, or, which are found one or two levels below in navigation flyouts (see image below)….

image

SharePoint needs to iterate through EACH AND EVERY NAVIGATION NODE, and check if the current user has access to the site, as well as if they are in the audience for that link, EVERY TIME THE NAVIGATION LOADS! That is a lot of recursive security checking, and can take time. The more sites you have, the longer this will take.

You can see this in action especially with the Developer Dashboard running when your site has one or more team sites enabled (while the example below is minimal, I’ve seen this go on in some instances for pages and pages and pages):

image

Now, you see for each of the navigation nodes, it takes roughly 20ms for each link (the area above with the hidden sections to protect some private data) to be checked for access and audiences, which is the EnsureListItemsData method calls shown below each link. Multiply this by the number of navigation nodes you have, and you can probably come pretty close to the amount of time it takes for your pages to load. I have literally seen CPU spikes on servers 25% and higher utilization than normal with the W3WP.exe worker processes for IIS while this operation is taking place as well. It utilizes a lot of CPU to accomplish this task.

The quick fix for this? uncheck those two boxes under the Site collection navigation configuration screen. You will notice a huge performance improvement. This means however, that all of your users can see all of the links within the Global Navigation.

 

But what if I need to hide links, and keep them available to the users who need them?

This is a great question, and one that I can use the classic consulting phrase on – “it depends”. You may find that you can add these links to an audience targeted web part underneath the main site they are on. This may take an extra click, but, security is not transparent. Just compare the time it takes to go through an airport now than it did before 2001. If you need security, and performance, than a small subset of your users having to make an extra click might not be so bad. Ultimately it is up to the decisions you make within your organization, and how these work-arounds can and will be carried out and implemented.

What else can I do?

There are many options other than just disabling the security and audience trimming on the global navigation. Those might be building a custom navigation control (development), to implement security trimming for links in a different manor, such as checking a list which has ONLY the links to be trimmed from the Global Navigation, rather than having to check each link.

Using a list-based navigation source with item permissions enabled – this is also security trimming, however, it is only within a single list, so performance should be better, but, it will be slower than a navigation source without any security trimming.

You may also implement multiple navigation layers, one without security trimming, and one with a custom source that is security trimmed in the master page.

As I said, there are many options – you may need to think outside the box a bit to get to the best resolution for your organization, but at the very least, your pages will be loading a lot faster when you are not suffering anymore from TMSTGNS, thus giving your end users, and yourselves, a better SharePoint experience.

 

Are you a survivor of TMSTGNS?

Then share your story with everyone else in the comments below about how you were able to defeat this horrible performance degrading disease.

Advertisements

About Geoff Varosky
Geoff Varosky is a Senior Architect for BlueMetal Architects, based out of Watertown, MA. He has been architecting and developing web based applications his entire career, and has been working with SharePoint for the past 13 years. Geoff is an active member of the SharePoint community, Co-Founder and Co-Organizer of the Boston Area SharePoint Users Group, co-founder for the Boston Office 365 Users Group, co-organizer for SharePoint Saturday Boston and speaks regularly at SharePoint events and user groups.

2 Responses to Are you suffering from TMSTGNS (Too Much Security Trimmed Global Navigation Syndrome)?

  1. Pingback: Sharepoint Updates December-23-2011 | SDavara's Sharepoint Knowledge Center

  2. Great post! And proves that you need to think through how you want to do security in SharePoint. If you do opt-in read permissions then security will have to be evaluated all over, instead of using opt-out where everything is open, and you tighten it just where needed.

    And global navigation should typically be readable by all imo. Hopefully this post with other knowledge can make people better understand how security and openness affects performance 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: