Allow or prevent Contributors ability to edit scriptable Web Parts (SharePoint Server 2010)

 

Applies to: SharePoint Server 2010, SharePoint Foundation 2010

In SharePoint Server 2010, Web Parts are categorized as to whether or not users with the Contribute permission level can add or modify JavaScript.

Users who have the default Contribute permissions level cannot add or modify scriptable Web Parts. This is because the scriptable Web Parts are marked as “unsafe against Contributor scripting” in a web.config file by default and the default setting in Central Administration is “Prevent contributors from adding or editing scriptable Web Parts”. However, when the scriptable Web Parts are marked as “unsafe against Contributor scripting”, a member of the Farm Administrators group can change the Web Part Security setting in Central Administration to allow users with the Contribute permission level to edit scriptable Web Parts.

Developers can set scriptable Web Parts to “safe against Contributor scripting” in a web.config file. In this situation, the scriptable Web Parts can be edited by users with the Contribute permission level without any actions by a member of the Farm Administrators group. For more information about these safe Web Parts, see the "About editing Web Parts" section in Contribute permission level overview (SharePoint Server 2010).

The following table shows the effective behavior of a given Web Part with different settings from developers and a member of the Farm Administrators group.

Settings Farm administrator allows contributors to edit scriptable web parts Farm administrator prevents contributors from editing scriptable web parts (default)

Developer marks part type as “SafeAgainstScript=true”

Contributors can edit scriptable web parts

Contributors can edit scriptable web parts

Developer marks part type as “SafeAgainstScript=false” (default)

Contributors can edit scriptable web parts

Contributors cannot edit scriptable web parts

Note

A change to the Web Part Security setting in Central Administration applies to all scriptable Web Parts in the Web Application.

In this article:

  • Enable or prevent Contributors from editing scriptable Web Parts

Allow or prevent Contributors ability to edit scriptable Web Parts

If you are upgrading from Office SharePoint Server 2007 to SharePoint Server 2010, users with the Contribute permission level will not be able to edit scriptable Web files and Web parts any longer. A member of the Farm Administrators group can enable them to do this by change the setting in Central Administration.

Note

To secure Web Parts from script injection, this setting is set to Prevent contributors from adding or editing scriptable Web Parts by default.

To enable or prevent Contributors from editing scriptable Web Parts by using Central Administration

  1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group.

  2. On the Central Administration Web site, in the Application Management section, click Manage web applications.

  3. Click the Web Application for which you want to change settings.

  4. In the Security group of the ribbon, click Web Part Security.

  5. In the Scriptable Web Parts section of the Security For Web Part Pages dialog box, select the appropriate option.

    • To enable the setting:

      Select Allows contributors to add or edit scriptable Web Parts.

    • To disable the setting:

      Select Prevent contributors from adding or editing scriptable Web Parts.

  6. Click OK.

See Also

Concepts

Contribute permission level overview (SharePoint Server 2010)