Microsoft Office Tutorials and References
In Depth Information
The Policy For Web
The page lists the user policies applied to the selected web application. The links on the page
include Add Users, Delete Selected Users (more than one can be selected), and Edit Permissions
Of Selected Users. On the left site of the page, above the Quick Launch bar, is a See Also section
that has Manage Permission Policy Levels and Change Anonymous Access Restrictions links.
User policies are applied to a web application to give (or explicitly deny) an account or
security group access to all the site collections in that web application. User policies are basically the
combination of user or security groups and the permission levels applied to them. User policies
are particularly useful for the search index account, so it can read all content in all site
collections. They are also useful for accounts that need to be given permissions to site collections in a
web application, even if the individual site collections don’t add the user or security group to its
Permission-level policies (also simply called permission policies ) are the combinations of
permissions that can be applied to the user or security accounts in the user policies. There are a few
default permission levels: Full Control, Full Read, Deny Write, and Deny All (and two named
permission levels: Site Administrators, which is the same as Full Control, and Auditors, which is the
same as Full Read). New permission level policies can be created, and policies can be deleted as
well (although the defaults should not, especially Full Read, which is used by the index account).
Anonymous access must be enabled at the web application first. Once enabled, anonymous
access restrictions can be applied (otherwise the Anonymous Access Restrictions page settings are
grayed out, as you can see in Figure 11.64). Those restrictions will apply to all site collections being
accessed through the URL of the web application (or you can choose to specify one of the zones
instead). The restrictions are Deny Write, Deny All, and None. Deny Write blocks anonymous
users from contributing content to the site collections, no matter what is set at that level. Deny All
simply blocks all anonymous users from accessing content, even if allowed at the site collection
level. This makes None the least restrictive of the options and the one you choose if you want
anonymous users for the URL or selected zone to be able to contribute in any of the site collections.
User policies and permission policy levels are covered in detail in Chapter 12, and
anonymous access is covered in Chapter 10.