SharePoint Permissions and Running Client-Side Code for Anonymous Users

The Dilemma of Balancing Access and Security

SharePoint sites often need to provide access to anonymous public users to view certain content pages. However, site owners also want to limit what these anonymous users can do for security reasons. A common need is to allow anonymous users to view code samples and interactive demonstrations right within pages, without granting them broader permissions.

This presents a dilemma – how to balance open access with tight security. By default, SharePoint does not allow anonymous users to execute client-side code like JavaScript on pages. But with some careful configuration, limited code execution can be enabled for demo purposes while still restricting anonymous users from accessing non-public content or executing potentially malicious code.

How SharePoint Handles Anonymous Users by Default

Anonymous users belong to the “NT AUTHORITY\ANONYMOUS LOGON” built-in group in Windows. SharePoint denies this group all permissions by default. So anonymous users cannot view non-public content or pages on a site. The anonymous access setting “AnonymousAccessEnabled” is also disabled by default in SharePoint web applications.
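
To confirm that a farm still matches these defaults, the following added example (not part of the original article) reports every place where anonymous access has been switched on. It assumes an on-premises farm and the SharePoint Management Shell, and it reads the server object model properties `IisSettings[zone].AllowAnonymous`, `SPWeb.AnonymousState` and `SPWeb.AnonymousPermMask64` rather than the setting name quoted above.

```powershell
# Added example: audit anonymous access across an on-premises SharePoint farm.
# Assumption: run in the SharePoint Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$report = foreach ($wa in Get-SPWebApplication) {
    # Web application level: anonymous access is set per zone in the IIS settings.
    foreach ($zone in $wa.IisSettings.Keys) {
        if ($wa.IisSettings[$zone].AllowAnonymous) {
            [pscustomobject]@{
                Scope    = 'WebApplication'
                Url      = $wa.Url
                Detail   = "Zone=$zone AllowAnonymous=True"
                PermMask = $null
            }
        }
    }

    # Site level: AnonymousState is Disabled, Enabled (lists and libraries
    # only) or On (entire site). Anything other than Disabled is reported.
    foreach ($site in Get-SPSite -WebApplication $wa -Limit All) {
        try {
            foreach ($web in $site.AllWebs) {
                try {
                    if ($web.AnonymousState -ne 'Disabled') {
                        [pscustomobject]@{
                            Scope    = 'Web'
                            Url      = $web.Url
                            Detail   = "AnonymousState=$($web.AnonymousState)"
                            # Base permissions granted to anonymous visitors.
                            PermMask = $web.AnonymousPermMask64
                        }
                    }
                } finally { $web.Dispose() }   # release the SPWeb object
            }
        } finally { $site.Dispose() }          # release the SPSite object
    }
}

if ($report) {
    $report | Sort-Object Scope, Url | Format-Table -AutoSize -Wrap
} else {
    'Anonymous access is disabled on every web application zone and site.'
}
```

An empty report means the farm is still at the default described above; any row is a zone or site whose anonymous permission mask should be reviewed before public-facing pages carry script.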

With no abilities granted by default, anonymous users have no way to run client-side code like JavaScript embedded in pages when viewing SharePoint sites. Code like inline