When a new widget is created from an existing web part, all the attributes are hidden in the editing form by default. It is up to the widget creator to select the attributes which should be available for customization using the check boxes on the Properties tab.
The security options are defined on the Security tab when selecting a widget from the content tree in Site Manager -> Development -> Widgets. By default, all widgets are forbidden for all zone types and are allowed for authorized roles only. However, no authorized role is selected by default. It is up to the developers to allow a widget for specific types of zones and users.
Widgets can be allowed for the following locations:
•In group, editor or user zones - the widget may be used in the respective type of widget zone.
•In dashboard zones - the widget may be used as a component on dashboards.
•As inline widget - the widget can be inserted into editable text regions via the WYSIWYG editor.
In addition, the permissions of a widget must also be set for one of the following types of users:
•Authenticated users - all logged in users are allowed to use the widget.
•Global Admin only - only users designated as global administrators are allowed to use the widget.
•Authorized roles - only members of the roles selected in the section below are allowed to use the widget.
Please keep in mind that changing the security settings will only affect new widgets. If a user was allowed to add a widget and an administrator later removes this permission, the user can still see the widget on their page. However, once deleted, the widget cannot be added back to the page without allowing it on the Security tab of that particular widget.