A couple of days ago I posted about the "Manage web site" option in the "User Permissions for Web Application" section of the Central Admin. If we unchecked that option we saw that a lot options disappeared in the Site Settings page for users who have Full Control and this was the desired case in our environment. Unfortunately a lot of unexpected errors occurred because of the removal of permissions. Not only the permissions were removed from the users but also from the service accounts on which SharePoint runs. So the conclusion was to enable it again to maintain functionality and just have to deal with less strictly managed sites.
But! Today I found the solution.. it seems that the Site Settings page is just a feature as well and you know what you can do with links that are controlled by features.. Yes! You can security trim them! So in order to remove the links from the Site Settings page you just open the sitesettings.xml (\12\TEMPLATE\FEATURES\SiteSettings) and the following bit to each link : 'RequireSiteAdministrator="TRUE"'
So the 'Site Features' link (one of which we don't want the user to play with) looks like this:
<CustomAction Id="ManageSiteFeatures" GroupId="SiteAdministration" Location="Microsoft.SharePoint.SiteSettings" RequireSiteAdministrator="TRUE" Rights="ManageWeb" Sequence="80" Title="$Resources:SiteSettings_ManageSiteFeatures_Title;"> <UrlAction Url="_layouts/ManageFeatures.aspx" /> </CustomAction>
And here is the tricky part.. at least.. it feels really tricky.. you will have to uninstall the site settings feature using STSADM and install it again for the settings to take effect
STSADM -o uninstallfeature -name sitesettings STSADM -o installfeature -name sitesettings
There you have it! A trimmed Site Settings page without having to unchecking the 'Manage WebSite' option. Although with URL hacking you can get there ofcourse so it's not really bulletproof (although, you can edit the .aspx pages and put a SPSecurityTrimmedControl around it)