<div>
Hi,<br />
<br />
are you concerned about the user's ability to start a command from your add-in even when they shouldn't? If so, can't you just apply the same check as for the visibility to the button_click event and e.g. show a message to the user that this command can't be executed under current configuration/condition?<br />
<br />
Regards<br />
<br />
Thomas
</div>


<div>
you can customize the backstage view with free Custom UI Editor &nbsp;<a href="http://www.rondebruin.nl/win/s2/win005.htm" rel="ugc">Ron's web</a> for more detail and examples <br />
<br />
<br />
also &nbsp;fellow MVP Andy Pope has a free <a href="http://www.andypope.info/vba/ribboneditor.htm" rel="ugc">Ribbon Editor Add-in</a> that can customize the Excel files
</div>


<div>
Thanks thausia. The issue is that the client doesn't even them to appear in the ribbon customisation view, regardless if the functions behind them are disabled. It's very odd that MSFT allow this loophole! I see another use case where I could develop a single add in and groups are activated on-demand as users pay for them. But this loophole means that model can be circumvented.<br />
<br />
ProfessorJimjam : I am using that first tool to add the XML to the project but the issue is related to controls remaining visible in the Office app's UI (in File / Options / Customize Ribbon) even when the XML defines them to be invisible (either via the visible property or getVisible callback).
</div>


<div>
Can you also set the relevant control's enabled to false?
</div>


<div>
Have you managed to make this work JSWilson? I've just done some testing with the enabled property and it doesn't appear to help. For example, when opening a file with a custom ribbon tab, the callbacks don't even fire until the tab is clicked yet all of the controls appear in the Customize Ribbon view in that state. Then, when I do click the ribbon, forcing the callbacks to run and set a test control's visible and enabled properties to false, the control still appears in the Customize Ribbon view. This really does look like a MSFT security issue to me unless I'm missing something.
</div>


<div>
Here it still appears and can be added to the ribbon &nbsp;but cannot be used if enabled is set to false
</div>


<div>
It's the &quot;still appears&quot; bit that I've been asked to fix :-(
</div>


<div>
If so JSRWilson, then think this is something the MSFT should address because it represents a security loophole. Thanks for looking at it though and for a new challenge ;-)
</div>


<div>
I've accepted the solution as being there is no solution so the question is maintained on EE for other developers.
</div>


<div>
<div class="content wysiwyg-content">
I have an Office application add-in that has various controls that are made visible (or not) under specific configurations via getVisible callbacks.<br />
<br />
When they are hidden, it's because the function is not available to the user.<br />
<br />
However, I've discovered that regardless of the state of the controls, they ALL appear in the backoffice view here:<br />
<br />
<b>File</b> / <b>Options</b> / <b>Customize Ribbon</b> and then change the <b>Choose commands from:</b> drop down to <b>All Commands</b><br />
<br />
The obvious impact is that users can circumvent the add-in's code, making it seemingly impossible to have a single code base for an add-in deployed under various configurations. At it's worst, this appears to be a major security loophole.<br />
<br />
Is there a way to prevent this behaviour?
</div>
</div>


I have an Office application add-in that has various controls that are made visible (or not) under specific configurations via getVisible callbacks.

When they are hidden, it's because the function is not available to the user.

However, I've discovered that regardless of the state of the controls, they ALL appear in the backoffice view here:

File / Options / Customize Ribbon and then change the Choose commands from: drop down to All Commands

The obvious impact is that users can circumvent the add-in's code, making it seemingly impossible to have a single code base for an add-in deployed under various configurations. At it's worst, this appears to be a major security loophole.

Is there a way to prevent this behaviour?

Hide custom ribbon controls from Office backstage / Options / Customize Ribbon view

PowerPoint is a slide show presentation program currently developed by Microsoft. PowerPoint presentations consist of a number of individual pages or "slides" that may contain text, graphics, sound, movies, and other objects, which may be arranged freely. The presentation can be printed, displayed live on a computer, or navigated through at the command of the presenter. Slides can also form the basis of webcasts.

Microsoft PowerPoint

Microsoft Office is an integrated suite of applications that includes Outlook, Word, Excel, Access, PowerPoint, Visio and InfoPath, along with a number of tools to assist in making the individual components work together. Coding within and between the projects is done in Visual Basic for Applications, known as VBA.

Microsoft Office

Microsoft Excel topics include formulas, formatting, VBA macros and user-defined functions, and everything else related to the spreadsheet user interface, including error messages.

Microsoft Excel

Microsoft Word is a commercial document editing program that is part of the Microsoft Office suite. It features numerous text-editing tools for creating richly formatted documents, along with tools for the use of macros in Word documents. Word's native file formats are denoted either by a .doc or .docx file extension. Plugins permitting the Windows versions of Word to read and write formats it does not natively support, such as the OpenDocument format (ODF) are available. Word can import and display images in common bitmap formats such as JPG and GIF. It can also be used to create and display simple line-art.

Microsoft Word

Visual Basic is Microsoft’s event-driven programming language and integrated development environment (IDE) for its Component Object Model (COM) programming model. It is relatively easy to learn and use because of its graphical development features and BASIC heritage. It has been replaced with VB.NET, and is very similar to VBA (Visual Basic for Applications), the programming language for the Microsoft Office product line.