SharePoint 2016 Central Admin – Security – Manage Web Part security

When you click the Manage web part security link, you land on the Security for Web Part Pages page. This page lets you manage the web part security settings for pages.

Direct link to the Security for Web Part Pages settings page: /_admin/SPSecuritySettings.aspx

Web parts are a key component of SharePoint; every page contains web parts. Users can customize these web parts and reuse them, create connections between sites, or use them in any other way. If there are no checks and balances on web parts, you are opening the door for an attacker to attack your farm, or your farm’s performance suffers.

As SharePoint administrators, it is our responsibility to secure the SharePoint environment. To secure the environment, we have to manage web part security, which includes allowing or disallowing web part connections, downloading web parts from the online web part galleries, and allowing scriptable web parts.

In Central Admin, we can manage these settings for each web application. The settings are at web application level, which means all the site collections in that web application share the same settings. If you have more than one web application, you have to configure each one.

Configuration Options

There are 3 configuration options on the Security for Web Part Pages page.

  1. Web Part Connections: In SharePoint, we can create a connection between web parts to display data from a source in a destination. Many operations can be performed using web part connections, but we have to make the decision carefully. If web parts are not secured properly, malicious information can be passed from source to destination. Enabling this option can also hurt performance.
  2. Online Web Part Gallery: Enabling this option allows users to download web parts from the online galleries. The one requirement is that you are able to connect to the online gallery. But I am against this option, as a customer can download any web part, which can cause major issues in your farm; a fake 3rd party web part can contain malicious code which can attack your farm. I would disable this option and then download the web part if needed, then test and verify it before deploying it to the farm.
  3. Scriptable Web Parts: This allows developers to add or edit a scriptable web part; they can write code which executes in the browser. This option controls whether contributors are allowed to add scriptable web parts, e.g. the Content Editor web part.

Configure the Settings

To configure the settings, follow the steps below.

  • Log in to Central Admin with an account that is a member of the farm administrators group.
  • On the Security for Web Part Pages page, enter the following details:
    • Select the web application for which you want to configure web part security.
    • Web Part Connections: Select "Allows users to create connections between Web Parts" or "Prevents users from creating connections between Web Parts, and helps to improve security and performance".
    • Online Web Part Gallery: Select "Allows users to access the Online Web Part Gallery" or "Prevents users from accessing the Online Web Part Gallery, and helps to improve security and performance".
    • Scriptable Web Parts: Select "Allows contributors to add or edit scriptable Web Parts" or "Prevent contributors from adding or editing scriptable Web Parts".
    • Click OK to save the configuration.

If we don’t know the default settings, we can use the Restore Defaults option available on the page.

Note: These settings are scoped to the web application.
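
Because the settings are per web application, a farm with several web applications is easier to review from the SharePoint Management Shell than page by page. The following PowerShell is an added example, not part of the original post: the three property names come from the server object model's SPWebApplication class, while the baseline values and the `-Enforce` switch are assumptions of this example.

```powershell
# Added example: report (and optionally apply) Web Part security settings
# on every web application. Run as a farm administrator on a SharePoint server.
param(
    [switch]$Enforce   # hypothetical switch: without it the script only reports
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Baseline assumed for this example (the restrictive choice for each option).
# Adjust per web application before using -Enforce.
$baseline = [ordered]@{
    AllowPartToPartCommunication           = $false  # Web Part Connections
    AllowAccessToWebPartCatalog            = $false  # Online Web Part Gallery
    AllowContributorsToEditScriptableParts = $false  # Scriptable Web Parts
}

foreach ($wa in Get-SPWebApplication) {
    $changed = $false

    foreach ($name in $baseline.Keys) {
        $current = $wa.$name
        $wanted  = $baseline[$name]

        # One row per setting so the output can be piped to Export-Csv or Where-Object
        [pscustomobject]@{
            WebApplication = $wa.Url
            Setting        = $name
            Current        = $current
            Baseline       = $wanted
            Compliant      = ($current -eq $wanted)
        }

        if ($Enforce -and $current -ne $wanted) {
            $wa.$name = $wanted
            $changed  = $true
        }
    }

    # Persist only when something was actually modified
    if ($changed) { $wa.Update() }
}
```

Run it without `-Enforce` first and review the non-compliant rows, since disabling web part connections or scriptable web parts affects pages that already depend on them.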