Deny editing SharePoint pages in SharePoint Designer
I was looking for a while for a way to do it. All started in the moment when a customer reported that the permission Use Remote Interfaces is disabling a lot of other features.
With a little luck and the information that you cannot do it on permission level the reponse appeared:
https://support.microsoft.com/default.aspx/kb/940958 - How to prevent SharePoint Designer 2007 users from changing a Windows SharePoint Services 3.0 site or a SharePoint Server 2007 site
https://blogs.msdn.com/sharepointdesigner/archive/2008/11/25/locking-down-sharepoint-designer.aspx - Locking Down SharePoint Designer
The first resource describes how we can do it by editing the Onet.xml file. The second one is more complete.
- the first section (Options for locking down SharePoint Designer) should be in a table like this:
| SCOPE | OPTION | PERMISSIONS REQUIRED TO ENABLE OR DISABLE |
|---|---|---|
| At the server level per site definition | ONET.XML — Prevent all users from opening all sites created from a specific site definition (such as all team sites or all publishing sites) by modifying ONET.XML for that site definition. | Server administrator — You must have an administrator account on the server to modify this file. |
| At the Web application level for all users | Permissions in Central Administration — Prevent all users from opening or editing all sites in a Web application by removing the permissions in Central Administration. | Site Collection Administrator — You must be a Site Collection Administrator to add or remove permissions in Central Administration. |
| At the Web application level per user or group | Policy in Central Administration — Prevent specific users and groups from opening or editing all sites in a Web application by removing the permissions in Central Administration. | Site Collection Administrator — You must be a Site Collection Administrator to manage permission policies in Central Administration. |
| At the site level per user or group | Policy in Central Administration — Prevent specific users and groups from opening or editing all sites in a Web application by removing the permissions in Central Administration. | Site owner — You must have the Manage Permissions permission to configure site permissions. In SharePoint Server 2007, by default only the Full Control and Manage Hierarchy permission levels include this permission. |
| At the site level per user or group (not a security feature) | Contributor Settings — Guide trusted users toward performing the right tasks in the right place by disabling features and UI in SharePoint Designer 2007. Contributor Settings cannot override permission settings at the site level or in Central Administration. | Site owner — You must have the Manage Permissions permission to turn Contributor Settings on or off. In SharePoint Server 2007, by default only the Full Control and Manage Hierarchy permission levels include this permission. |
| Per computer or per user | Group Policy — Use policy settings to disable menu commands and their corresponding toolbar buttons in the UI of Office programs, including SharePoint Designer. You can also disable keyboard shortcuts. Settings can be applied to a specific computer or user. | Windows administrator — You must be a member of the Domain Administrators security group, the Enterprise Administrators security group, or the Group Policy Creator Owners security group. |
There should be other tables to make it easier to see the information. But at this moment we will try to understand it this way (if it will be really needed let me a comment, or two and I could do all the tables)