Turn scripting capabilities on or off
The ability to customize is one of the most compelling features of SharePoint Online because it enables admins and users to adjust the look, feel, and behavior of sites and pages to meet organizational objectives or individual needs. Some customization, such as changing a heading style or page layout, is as easy as selecting a button on the ribbon. Other customizations are more complex and require the use of custom script or markup language inserted into web parts or run with Windows PowerShell.
The ability to add custom script to sites and pages is controlled by the Add and Customize Pages permission. While the global admin can specify which users and groups are granted this permission, anyone who creates personal sites and team sites is, by default, a site owner. A site owner can add any script they want to the pages on that site.
Many admins want their users to have the freedom to create sites as needed. Not only does this encourage collaboration among users, but it also frees up the admin to focus on urgent tasks. You'll probably want to limit the amount of scripting allowed in order to maintain the security and integrity of the sites in your tenancy. You can limit scripting from the Settings page in the SharePoint admin center, but when you disable scripting, you are disabling it for all personal sites and self-service-creation sites in the tenancy. (See Additional information about the self-service site creation feature.)
Default scripting capabilities
Scripting capabilities are disabled by default for:
- Personal sites
- Self-service created sites
- The Root Site Collection of the Tenant
To enable or disable scripting from the SharePoint admin center
- Sign in to Office 365 with your work or school account.
- Go to the SharePoint admin center.
- Select Settings.
- Under Custom Script choose:
  - Prevent users from running custom script on personal sites or Allow users to run custom script on personal sites.
  - Prevent users from running custom script on user created sites or Allow users to run custom script on self-service created sites.
- Click OK. It takes about 24 hours for the change to take effect.
To enable or disable scripting on a different SharePoint collection
The Custom Script feature enables or disables scripting capabilities on SharePoint Online personal sites and self-service sites. Because self-service site creation points to your tenant's root site collection by default, you're actually applying the scripting capability to your tenant's root site collection. If you don't want this and instead want to enable or disable scripting on another site collection, you can point the self-service site creation root to another valid site collection in Office 365.
Any change to the scripting setting made through the SharePoint Online admin center may take up to 24 hours to take effect. To enable scripting on a particular site collection immediately, use the following PowerShell command (learn more about the SharePoint Online Management Shell):
Set-SPOSite <SiteURL> -DenyAddAndCustomizePages 0
Make sure the scripting setting in the admin portal matches what you set using PowerShell, or the site collection setting may be overridden again in the next 24 hours.
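Because a per-site PowerShell override can leave individual site collections with scripting allowed while the tenant setting says otherwise, it helps to audit the effective state across all site collections. The script below is an added example, not part of the original article; the admin URL, the report path and the `$Remediate` switch are assumptions to adapt, and it goes beyond the single command above by inventorying every site collection.

```powershell
# Added example: report which site collections currently allow custom script.
# Assumptions: $AdminUrl and $ReportPath are placeholders for your environment.
$AdminUrl   = 'https://contoso-admin.sharepoint.com'   # placeholder tenant admin URL
$ReportPath = '.\custom-script-audit.csv'              # placeholder output file
$Remediate  = $false   # set to $true to block scripting again on flagged sites

Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Connect-SPOService -Url $AdminUrl

# DenyAddAndCustomizePages = Disabled means the deny is off, i.e. scripting is allowed.
$report = foreach ($site in Get-SPOSite -Limit All) {
    $state = switch ([string]$site.DenyAddAndCustomizePages) {
        'Disabled' { 'Allowed' }
        'Enabled'  { 'Blocked' }
        default    { 'Unknown' }
    }
    [pscustomobject]@{
        Url          = $site.Url
        Template     = $site.Template
        Owner        = $site.Owner
        CustomScript = $state
    }
}

# Keep the full inventory for change tracking, then show only the exceptions.
$report | Sort-Object Url | Export-Csv -Path $ReportPath -NoTypeInformation
$allowed = @($report | Where-Object { $_.CustomScript -eq 'Allowed' })

Write-Host ("{0} of {1} site collections allow custom script" -f $allowed.Count, @($report).Count)
$allowed | Sort-Object Url | Format-Table Url, Template, Owner -AutoSize

if ($Remediate) {
    foreach ($entry in $allowed) {
        # Counterpart of the command above: 1 turns the deny back on.
        Set-SPOSite -Identity $entry.Url -DenyAddAndCustomizePages 1
        Write-Host "Scripting blocked on $($entry.Url)"
    }
}
```

Run it first with `$Remediate = $false` and review the CSV; sites that legitimately need scripting should be recorded as exceptions rather than silently re-locked.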
Features affected when scripting is disabled
When you disable scripting on personal sites or self-service-creation sites, the theme gallery, certain web parts, and other features that support scripting are no longer available to site collection owners or site owners. Any sites that used these features before scripting was disabled are still able to use them.
The following site settings are no longer available after scripting has been disabled:
Site feature | Behavior | Notes |
Save Site as Template | No longer available in Site Settings. | You can still build sites from templates created before scripting was disabled. |
Save document library as template | No longer available in Library Settings. | You can still build document libraries from templates created before scripting was disabled. |
Solution Gallery | No longer available in Site Settings. | You can still use solutions created before scripting was disabled. |
Theme Gallery | No longer available in Site Settings. | You can still use themes created before scripting was disabled. |
Help Settings | No longer available in Site Settings. | You can still access help file collections available before scripting was disabled. |
HTML Field Security | No longer available in Library Settings. | You can still use HTML field security that you set up before scripting was disabled. |
Sandbox solutions | Solution Gallery will not appear in the Site Settings so you can't add, manage, or upgrade sandbox solutions. | You can still run sandbox solutions that were deployed before scripting was disabled. |
SharePoint Designer | Site Pages: No longer able to update web pages that are not HTML. Handling List: Create Form and Custom Action will no longer work. Subsites: New Subsite and Delete Site redirect to the Site Settings page in the browser. Data Sources: Properties button is no longer available. | You can still open data sources. |
Uploading files that potentially include scripts | The following file types can no longer be uploaded to a library: .asmx, .ascx, .aspx, .htc, .jar, .master, .swf, .xap, .xsf | Existing files in the library are not impacted. |
The following web parts and features are unavailable to site collection owners and site owners after scripting has been disabled.
Web part category | Web part |
Business Data | Business Data Actions, Business Data Item, Business Data Item Builder, Business Data List, Business Data Related List, Excel Web Access, Indicator Details, Status List, Visio Web Access |
Community | About This Community, Join, My Membership, Tools, What's Happening |
Content Rollup | Categories, Project Summary, Relevant Documents, RSS Viewer, Site Aggregator, Sites in Category, Term Property, Timeline, WSRP Viewer, XML Viewer |
Document Sets | Document Set Contents, Document Set Properties |
Forms | HTML Form Web Part |
Media and Content | Content Editor, Script Editor, Silverlight Web Part |
Search | Refinement, Search Box, Search Navigation, Search Results |
Search-Driven Content | Catalog-Item Reuse |
Social Collaboration | Contact Details, Note Board, Organization Browser, Site Feed, Tag Cloud, User Tasks |
Master Page Gallery | Can't create or edit master pages |
Publishing Sites | Can't create or edit master pages and page layouts |
Best practice for communicating the change to users
When you decide to disable scripting on tenants where it was previously allowed, communicate the change well in advance so users can understand the impact of the decision. The worst-case scenario is that users who are accustomed to changing themes or adding web parts on their team sites suddenly find that capability gone. Instead, they will receive the following error message.
Proactively communicating the change can pre-empt many of these support calls and avoid an unnecessary surprise for your users.