Ok, in my Web.sitemap file i have

<siteMapNode url="" title="Users" description="Manage User" roles="Admin,SiteUser">
             <siteMapNode url="~/users/profile.aspx" title="My Profile" description="Manage your site profile" roles="SiteUser" />
            ..... other items
             <siteMapNode url="~/users/profile.aspx?Mode=Add" title="Add User" description="Add a brand new user" roles="Admin" />
</siteMapNode>

So as you can see the only difference between the two is the "Mode=Add"

how can i get the menu to ignore showing the "Add User" link for non-Admins?  or am i going to have to manually remove it during menu rendering?

---

"If you make it idiot proof, they'll build a better idiot"

The Roles attribute on this node has no effect here; when used on SiteMapNode elements the roles attribute only widens the visibility of a node. To restrict it you mist use the authorization section(s) in web.config. However you cannot have query string parameters for the path of  alocation tag.

The best way to handle this is to use the data binding event, where you can check the node for a custom attribute and if the attribute is present and the user is not in the admin role remove it. Custom attributes are described in an excellent blog post by Danny Chen: http://weblogs.asp.net/dannychen/archive/2005/03/28/396099.aspx. The code to delete a node could be:

Protected Sub MyMenu_MenuItemDataBound(ByVal sender As Object, _
                                       ByVal e As System.Web.UI.WebControls.MenuEventArgs)

    Dim text As String = e.Item.Text

    If CType(e.Item.DataItem, SiteMapNode)("adminOnly") AndAlso Not User.IsInRole("Admin") Then
        e.Item.Parent.ChildItems.Remove(e.Item)
    End If

End Sub

Dave