Big Sur - Prohibit User Installation of Software into /Users/
Users _MUST_ not be allowed to install software into /Users/. Allowing regular users to install software, without explicit privileges, presents the risk of untested and potentially malicious software being installed on the system. Explicit privileges (escalated or administrative privileges) provide the regular user with explicit capabilities and control that exceeds the rights of a regular user.
This is implemented by a Configuration Profile. mobileconfig profile info: com.apple.applicationaccess.new: familyControlsEnabled: True pathBlackList: /Users/