Daily Archive » 28 December 2012

Prevent users from accessing Site Settings application page

Just this week, I accidentally found out that users were able to access Site Settings page, with some sections open out publicly accessible, for example the Regional Settings column! This raise a security threat as we don’t want users to be able to touch these settings. After much digging, I realised it’s because one custom permission that was created for the users have “Browser Directories” permission checked. Once this is unchecked, then they are denied from accessing the setting page.