Microsoft Office Tutorials and References
In Depth Information
3. You can apply more than one permission policy level to the same user. Full Control will
override Full Read (if both are selected), but the Deny options will override both Full
Control and Full Read. So, giving someone Full Control and Deny Write will give them
all the permissions except anything blocked by Deny Write. Typically you’ll pick only one
of these permission policy levels. I’m giving Saffron the Full Control policy.
4. The final option is to set this account to operate as System—this places the user in
“stealth” mode—they won’t show up as themselves if they post anything, and any
changes or modifications are recorded as coming from a system account. Typically
reserved for the service accounts, this can also be applied to actual user accounts, but in
this case I’m going to leave it unchecked.
Now, with a user policy for the entire web application in place, Saffron can access any site
collections in that web application, like the self-service site creation one used by Basil, even if he
chose not to add her account to one of his site groups. As you can see in Figure 10.57, Saffron is
logged into Basil’s blog site and on the site permissions page, without being added to the site.
FIGURE 10.57 User policy user account accessing a site collection
One feature you can control at the web application level is anonymous access. When creating
a new web application (or extending one, as detailed in “Alternate Access Mapping”), you can
choose Allow Anonymous for the new web application. This selection does not turn anonymous
access for the site collections on or off; it merely permits that option for each site collection. If
a web application does not allow anonymous access, no enclosed site collection can have it. If
anonymous access is allowed on the web application, then the enclosed site collections have the
option to allow it. However, it’s still turned off by default.
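Because a web application user policy grants access without any site group membership, and Allow Anonymous only permits (rather than enables) anonymous access per site collection, both are worth auditing together. The following is an added example, not from the original text: it assumes Windows PowerShell on a SharePoint server, an account with farm administrator rights and read access to the site collections, and the function names are hypothetical.

```powershell
# Added audit example. Loads the SharePoint server object model directly,
# so it does not depend on any SharePoint PowerShell snap-in.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint')
$webApps = [Microsoft.SharePoint.Administration.SPWebService]::ContentService.WebApplications

# Hypothetical helper: one row per web application user policy.
function Get-UserPolicyReport($webApps) {
    foreach ($wa in $webApps) {
        foreach ($policy in $wa.Policies) {
            # Each binding is a permission policy level (FullControl, FullRead, DenyWrite, DenyAll).
            $levels = @($policy.PolicyRoleBindings | ForEach-Object { $_.Type.ToString() })
            New-Object PSObject -Property @{
                WebApplication   = $wa.Name
                User             = $policy.UserName
                Levels           = ($levels -join ', ')
                # A Deny level on the same user overrides Full Control and Full Read.
                HasDeny          = (@($levels | Where-Object { $_ -like 'Deny*' }).Count -gt 0)
                # True when the account is set to operate as System.
                OperatesAsSystem = $policy.IsSystemUser
            }
        }
    }
}

# Hypothetical helper: compares what the web application permits with what each site collection has on.
function Get-AnonymousAccessReport($webApps) {
    foreach ($wa in $webApps) {
        # Allow Anonymous is stored per zone in the web application's IIS settings.
        $zones = @($wa.IisSettings.GetEnumerator() |
            Where-Object { $_.Value.AllowAnonymous } | ForEach-Object { $_.Key.ToString() })
        foreach ($site in $wa.Sites) {
            try {
                New-Object PSObject -Property @{
                    SiteCollection         = $site.Url
                    ZonesAllowingAnonymous = ($zones -join ', ')
                    # Disabled unless someone has turned anonymous access on for the site.
                    RootWebAnonymousState  = $site.RootWeb.AnonymousState
                }
            } finally {
                $site.Dispose()   # SPSite objects must be disposed explicitly
            }
        }
    }
}

Get-UserPolicyReport $webApps |
    Format-Table WebApplication, User, Levels, HasDeny, OperatesAsSystem -AutoSize
Get-AnonymousAccessReport $webApps |
    Format-Table SiteCollection, ZonesAllowingAnonymous, RootWebAnonymousState -AutoSize
```

Rows with Full Control or OperatesAsSystem on a real user account, and site collections whose state is not Disabled, are the ones to review against what was intended.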