Security preferences

You can set the following preferences in the Security category of the Preferences window.

Enabling these security preferences alters Maya's behavior when opening/importing scene files or loading plug-ins. You can set it to flag specific commands in the former case, and only load plug-ins from trusted locations in the latter. This ensures that you will be warned about / protected from possibly malicious code that may be hidden in these files (e.g. scene files shared on the web).

General Security Preferences

Security: Turn this On/Off to activate/deactivate all security sub-sections (MEL, Python, Plugins) at the same time. This is automatically set to Custom when you manually activate/deactivate only one or two of the sub-sections.
Note: Maya will automatically switch this to Custom if you manually activate/deactivate any of the sub-sections.

Startup Script Permissions

Read and execute 'userSetup' scripts

Controls whether Maya automatically runs userSetup.mel or userSetup.py scripts whenever Maya starts up. By default, these scripts are located in:

Windows: ..\My Documents\maya\<version>\scripts
Mac OS X: ~/Library/Preferences/Autodesk/maya/<version>/scripts
Linux: ~/maya/<version>/scripts

Warn me if 'userSetup' scripts contain changes

Controls whether Maya automatically performs a hash check (digital finger print) of all userSetup scripts to make sure they don't contain anything unintended by the original script creator. If a script fails the hash check, Maya will prompt you with a warning and provide the option to save the new hash value or not. This is disabled by default.

Security logging

Enable security logging: Turn this on to record all security events (MEL, Python, Plug-in) to a log file named "mayaSecurity".
Log file format: Determines the type of file that "mayaSecurity" is written as.
Default security logging directory: Determines where the "mayaSecurity" file is saved by default.

MEL

Allows you to flag specific MEL commands to be denied execution when loading scene files. This is useful if you're receiving files from an unknown source and want to ensure the integrity of your system. This is enabled by default.

Note: This only affects commands executed when a file is loaded (such as via scriptJob/scriptNode). It does not affect commands execution from the Script Editor.

Secure MEL loading: When turned on, Maya will either ask for permission or deny commands (depending on the current Default action for flagged commands setting) in the Flagged commands list from executing.
Flagged commands: Determines which commands are flagged when Secure file loading is turned on. Click Add to add commands to the list via text entry, or select commands already in the list and click Remove to unflag them.
Default action for flagged commands: Determines how Maya handles flagged commands during loading. Ask for permission prompts the user for each instance of a flagged command that Maya encounters when loading. Deny automatically blocks any flagged commands from running when loading. The default is Ask for permission.
Allow global proc definition in scene file: Determines whether embedded MEL scripts are allowed to define global procedures. When disabled, all global procedure calls will be blocked on file load. This is disabled by default.

Python

Defines how Maya handles Python commands or modules embedded in .ma / .mb files (including scriptNodes / scriptJobs) when those files are imported. This is useful if you're receiving files from an unknown source and want to ensure the integrity of your system.

Note: This only affects commands executed when a file is loaded (such as via scriptJob/scriptNode). It does not affect commands execution from the Script Editor.

Python: Determines how Maya is to proceed whenever it encounters a Python command / module embedded in a file it's attempting to load/import. Check before executing (secure) allows you to customize which particular commands / modules are allowed or denied via the options below. Meanwhile, Execute and Don't Execute will either enable or deny all Python modules it encounters respectively. This is set to Execute by default, but we strongly recommend switching it to Check before executing (secure) before loading files from an untrusted source.

Python Built-in Functions

Secure built-in functions: When turned on, Maya will either ask for permission or deny commands (depending on the current Default action for flagged commands setting) in the Flagged built-in functions list from executing. This only has an effect when Python is set to Check before executing (secure).
Flagged built-in functions: Specifies what Python commands to deny when Secure built-in functions is turned on. Functions with a checkmark will be flagged for denial.
Default action for importing modules: Determines how Maya handles a Python command in the Flagged built-in functions list. Ask for permission prompts the user for each flagged function that Maya encounters when loading. Deny automatically blocks any flagged functions from executing when loading. The default is Ask for permission.

Python Modules

Secure module import: When turned on, Maya will either ask for permission or deny all modules (depending on the current Default action for flagged commands setting) not in the Trusted modules list from loading. This only has an effect when Python is set to Check before executing (secure).
Trusted modules: Specifies what Python modules are allowed when Secure module import is turned on. Click Add then navigate to a folder in the file browser to add locations to the list, or select locations already in the list and click Remove to remove them.
Default action for importing modules: Determines how Maya handles a module outside of the Trusted modules list. Ask for permission prompts the user for each unlisted module that Maya encounters when loading. Deny automatically blocks any unlisted modules from importing when loading. The default is Ask for permission.

Plugins

Allows you to control what plugins can be loaded based on their location.

Secure plugin loading: When turned on, Maya will either ask for permission or deny plugins from loading (depending on the current Default action for flagged commands setting) anywhere outside of the Trusted plugin locations list. This is enabled by default.
My trusted plugin locations: Specifies safe locations to load plugins from when Secure plugin loading is turned on. Click Add then navigate to a folder in the file browser to add locations to the list, or select locations already in the list and click Remove to remove them.
Note: Maya also maintains a list of default trusted plugin locations that do not appear in this list.
Default action for non-trusted locations: Determines how Maya handles plugins attempting to load from outside the My trusted plugin locations when Secure plugin loading is turned on. Ask for permission prompts the user each time they attempt to load a plugin from a non-trusted location. Deny automatically blocks any plugin from a non-trusted location. The default is Ask for permission.