Simplify SharePoint Permissions with User Policies



Problem

A SharePoint web application can potentially contain thousands of site collections. Granting or denying uniform access to all of those site collections for a set of users can be difficult to apply and manage.

Solution

A User Policy allows a Farm Administrator to grant or deny access for a set of users to all site collections contained within a web application. Permissions applied using a User Policy cannot be overridden at the individual site collection level, which gives Farm Administrators the ability to supersede local permissions when necessary.

A User Policy can be used to grant permissions from four (4) pre-defined permission sets:

  • Full Control
  • Full Read
  • Deny Write
  • Deny All

In this tip, I will demonstrate how to add a new User Policy to a web application.

Create a User Policy

User Policies for web applications are managed from SharePoint Central Administration, and require Farm Administration rights. To get started, open the Central Administration web site.

01. Click Manage web applications from the Application Management group.

Select Web Applications

02. Select a web application.

03. Click the User Policy button from the Web Applications tab on the Ribbon menu.

User Policy

04. Click Add Users from the Policy for Web Application dialog. You can also choose to delete or edit an existing policy from this dialog.

Add Users to a New Policy

05. Select a Zone. You can accept the default (All Zones), or click the drop-down menu to choose a specific zone for the policy.

06. Click the Next button.

Select User Policy Zone

07. Choose Users who will be added to the policy. Enter one or more user account names, group names, or email addresses. Click the Check button to ensure the accounts are valid, or select the Browse button to search for accounts.

08. Choose Permissions to grant selected users. Although the dialog provides the ability to select and apply more than one permission set, permission sets should be viewed as exclusive options. It would not be logical to grant the same users Full Control and Deny All in the same policy.

09. Optionally, select whether the Account operates as System. If this option is selected, when the account accesses the web application, the account will be displayed as "System Account", and the user will not be added to the User Information List as a site member. This option is most appropriate when granting a policy to a service account that does not represent a real user. In order to operate as the System account, the account must be granted Full Control.

10. Click the Finish button.

Edit Policy Details

Summary

A User Policy on a Web Application is a convenient and powerful way to ensure consistent security permissions across a set of site collections. Some common scenarios for User Policies include:

  • Granting the Search crawl account Full Read to allow indexing of SharePoint sites. This is an example of a default User Policy that is automatically created by the Search service application.
  • Granting all employees Full Read to the corporate Intranet and supporting corporate publishing sites.
  • Granting Farm Administrators Full Control to support centralized administration tasks.
  • Granting Deny All to sub-contractors or part-time workers that should not access a web application. 
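
Because a User Policy overrides site collection permissions, it is worth reviewing the existing policies periodically. The following read-only audit is an added example, not part of the original tip; it assumes the SharePoint Management Shell on a farm server with Farm Administrator rights, and the `Flag` wording is my own.

```powershell
# Added example: read-only audit of web application User Policies.
# Assumes a farm server and Farm Administrator rights; it changes nothing.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$roleType = [Microsoft.SharePoint.Administration.SPPolicyRoleType]
$grants   = @($roleType::FullControl, $roleType::FullRead)
$denies   = @($roleType::DenyWrite, $roleType::DenyAll)

$report = foreach ($wa in Get-SPWebApplication) {
    # "All Zones" policies first, then policies scoped to each configured zone.
    $scopes = @(@{ Zone = 'All Zones'; Policies = $wa.Policies })
    foreach ($zone in $wa.IisSettings.Keys) {
        $scopes += @{ Zone = $zone.ToString(); Policies = $wa.ZonePolicies($zone) }
    }

    foreach ($scope in $scopes) {
        foreach ($policy in $scope.Policies) {
            $types    = @($policy.PolicyRoleBindings | ForEach-Object { $_.Type })
            $hasGrant = @($types | Where-Object { $grants -contains $_ }).Count -gt 0
            $hasDeny  = @($types | Where-Object { $denies -contains $_ }).Count -gt 0

            # Flag the cases the tip calls out as illogical or high impact.
            $flag = ''
            if ($hasGrant -and $hasDeny) { $flag = 'Grant and Deny in one policy' }
            elseif ($policy.IsSystemUser) { $flag = 'Operates as System' }
            elseif ($types -contains $roleType::FullControl) { $flag = 'Full Control' }

            New-Object PSObject -Property @{
                WebApplication   = $wa.DisplayName
                Zone             = $scope.Zone
                User             = $policy.UserName
                Roles            = (@($policy.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ', ')
                OperatesAsSystem = $policy.IsSystemUser
                Flag             = $flag
            }
        }
    }
}

$report | Sort-Object WebApplication, Zone, User |
    Format-Table WebApplication, Zone, User, Roles, OperatesAsSystem, Flag -AutoSize
```

Rows with an empty `Flag` are Full Read or Deny entries; flagged rows are the ones to confirm against an owner and a business reason.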
About the author

Chris Beckett is a Business Solutions Architect, Mentor and Trainer with 20 years of experience.
