Locking Down SharePoint Designer
SharePoint Designer is a great tool for editing
design files, uploading files in bulk to SharePoint, and making
configuration changes to lists and sites. However, now that SharePoint
Designer is free and easy to download from the Internet, the thought of
anyone in the organization being able to make changes to our SharePoint
site can be a scary one for administrators. Fortunately,
SharePoint Designer respects SharePoint security: if a user has no
permission to make changes to files in the Master Page Gallery, then
that user has no such rights via SharePoint Designer either. SharePoint
also has additional SharePoint Designer settings that further restrict
which operations users can perform with Designer, as you will discover in this section.
SharePoint 2013 provides Designer restrictions
at the web application and site collection levels. To set them for a
site collection, open the publishing Site Collection Settings page (or
the Site Collection Settings page on any SharePoint site). Scroll to the
section with the heading Site Collection Administration and then click
the link for SharePoint Designer Settings, as shown in Figure 2.
Clicking the link for SharePoint Designer Settings takes you to a page like that in Figure 3.
From here you have control over whether designers can customize master
pages and page layouts, deviate from the site definition (detach page),
and alter the structure of the site. This page also includes an
overarching setting to disable SharePoint Designer access completely.
Of course, you can manage permissions granted
to users in the site collection to prevent many actions via SharePoint
Designer. However, depending on the design of your security model, this
might get quite complicated. In some circumstances, you might want to
simply turn off SharePoint Designer access (perhaps when your site goes
live) and not have to worry about tweaking permissions.
If the decision to restrict changes via
SharePoint Designer sits in the hands of those higher up the food
chain than site collection administrators, you can apply the same
settings at the web application level. Changing
SharePoint Designer settings for a web application requires access to
Central Administration, so only users with that higher level of access
can make the change.
- Open Central Administration.
- Click the heading for Application Management.
- Click the link to manage web applications.
- Select one of the web applications in the list.
- Click the drop-down arrow on the General Settings icon on the ribbon.
- Select the SharePoint Designer menu item (Figure 4).
The SharePoint Designer settings at
the web application level mirror those at the site collection level,
but the settings at the web application level trump those at the site
collection level. For example, if you disable SharePoint Designer
access at the web application level, site collection administrators
cannot enable it at the site collection level.
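
The precedence described above can be audited across a whole farm from the SharePoint 2013 Management Shell. The script below is an added example, not part of the original article: it reads the server object model properties behind the settings pages (AllowDesigner, AllowRevertFromTemplate, AllowMasterPageEditing, ShowURLStructure) and lists every site collection where an operation is still allowed. It assumes a farm administrator account; the `$lockDownUrl` variable and its URL are placeholders.

```powershell
# Added example: audit SharePoint Designer restrictions across the farm.
# Assumes the SharePoint 2013 Management Shell and a farm administrator account.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Object-model properties behind the four check boxes on the settings pages.
$settings = [ordered]@{
    AllowDesigner           = 'Enable SharePoint Designer'
    AllowRevertFromTemplate = 'Detach pages from the site definition'
    AllowMasterPageEditing  = 'Customize master pages and page layouts'
    ShowURLStructure        = 'Manage the site URL structure'
}

$report = foreach ($wa in Get-SPWebApplication) {
    foreach ($site in Get-SPSite -WebApplication $wa -Limit All) {
        try {
            foreach ($name in $settings.Keys) {
                [pscustomobject]@{
                    WebApplication = $wa.Url
                    SiteCollection = $site.Url
                    Setting        = $settings[$name]
                    WebAppValue    = $wa.$name
                    SiteValue      = $site.$name
                    # The web application value trumps the site collection value,
                    # so an operation is permitted only when both allow it.
                    Effective      = ($wa.$name -and $site.$name)
                }
            }
        }
        finally { $site.Dispose() }   # SPSite objects hold unmanaged resources
    }
}

# Show only what is still permitted, so review effort goes to the open doors.
$report | Where-Object { $_.Effective } |
    Sort-Object SiteCollection, Setting |
    Format-Table SiteCollection, Setting, WebAppValue, SiteValue -AutoSize

# Optional lock-down at the web application level. Placeholder: set to a web
# application URL such as 'https://sharepoint.example.test' to apply it.
$lockDownUrl = $null
if ($lockDownUrl) {
    $target = Get-SPWebApplication $lockDownUrl
    $target.AllowDesigner = $false
    $target.Update()              # persist the change to the configuration database
}
```

Rerun the audit after go-live or after any change in Central Administration to confirm that no site collection reports an operation you intended to block.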