
SharePoint 2016 Central Admin – Security – Specify web application user policy

When you click the Specify web application user policy link, you land on the Policy for Web Application page. This page lets you manage the web application user policy.

Policy for Web Application page’s direct link: /_admin/policy.aspx

What is the

There are many ways to manage permissions on a site collection: for example, you can add a primary or secondary site collection administrator from Central Admin, or add extra site collection administrators within the site collection. This is easy for a single site collection, but if you have to give a user or group of users permissions on all site collections in a farm, what options do you have? Either add the user manually in every site collection, or use the Policy for Web Application option in Central Admin.

Many accounts require permissions at the web application level, for example:

  • The search content crawl account requires Full Read access at the web application level.
  • The Object Cache super user account requires Full Control at the web application.
  • The Object Cache super reader account requires Full Control at the web application.
  • Sometimes in a company, an auditor needs full access to the web application.
  • Much more.

You can also restrict permissions for a single user or group at the web application level; once you deny the permission, that user or group will not get access to the server.

The Policy for Web Application page is a centralized location where we can manage permissions for the web application. There are several permission levels you can assign to a single user or group.

  • Full Control – Has full control.
  • Full Read – Has full read-only access.
  • Deny Write – Has no write access.
  • Deny All – Has no access.
  • Custom permission level

Zone: As we know, a web application can be in multiple zones (Default, Intranet, Internet, Extranet and Custom), so we can set the permission on a single zone or on all zones. When you set a permission for the web application, select the correct zone or select all zones.

System Account: Sometimes you don't want to show an account's information to end users, to avoid leaking information about enterprise service accounts. If you select the system account option when you add a user to the Policy for Web Application, the account is displayed as SharePoint\System regardless of its name and details.

To Add a User in Policy for Web Application

To add a user to the web application policy, follow the steps below.

  • Log in to Central Admin with an account that is a member of the farm administrators group.
  • On the Policy for Web Application page, click Add Users.
  • On the Add Users page, enter the required information.
    • Web Application: Make sure you select the correct web application.
    • Zone: Select the correct zone if you want to assign the permission to a single zone, or select All Zones.
    • Click Next.

  • On this page, enter the following information.
    • Web Application: Double-check that the correct web application is selected.
    • Zone: Make sure the correct zone is selected.
    • User: Enter the user ID.
    • Click the man icon to resolve the name.
    • Permission: Check the correct permission level.
    • System Settings: Check the "Account operates as System" box.
    • Click Finish.
  • Now you will see that Waqas is added with Full Control in all zones for the team web application.
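
The same steps can be scripted through the SharePoint server object model. This is an added example, not part of the original post; the function name `Add-WebAppUserPolicy`, the URL `http://team.contoso.local` and the account `CONTOSO\waqas` are constructed placeholders.

```powershell
# Added example: scripted equivalent of the Add Users steps above.
# Run in the SharePoint 2016 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Add-WebAppUserPolicy {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $WebApplicationUrl,
        [Parameter(Mandatory)] [string] $Account,       # DOMAIN\user
        [Parameter(Mandatory)] [string] $DisplayName,
        [ValidateSet('FullControl', 'FullRead', 'DenyWrite', 'DenyAll')]
        [string] $Role = 'FullRead',                    # default to the least privileged grant
        [ValidateSet('Default', 'Intranet', 'Internet', 'Custom', 'Extranet')]
        [string] $Zone,                                 # omit to apply to all zones
        [switch] $AsSystemAccount
    )
    $wa = Get-SPWebApplication -Identity $WebApplicationUrl -ErrorAction Stop

    # Claims-mode web applications store Windows accounts in encoded form.
    $login = if ($wa.UseClaimsAuthentication) {
        (New-SPClaimsPrincipal -Identity $Account -IdentityType WindowsSamAccountName).ToEncodedString()
    } else { $Account }

    $policies = if ($Zone) {
        $wa.ZonePolicies([Microsoft.SharePoint.Administration.SPUrlZone]$Zone)
    } else { $wa.Policies }

    # Refuse to stack a second entry on an account that already has one.
    if ($policies | Where-Object { $_.UserName -eq $login }) {
        throw "A policy entry for $login already exists; edit it instead."
    }

    $policy   = $policies.Add($login, $DisplayName)
    $roleType = [Microsoft.SharePoint.Administration.SPPolicyRoleType]$Role
    $policy.PolicyRoleBindings.Add($wa.PolicyRoles.GetSpecialRole($roleType))
    $policy.IsSystemUser = [bool]$AsSystemAccount
    $wa.Update()                                        # persist to the configuration database
    $policy | Select-Object UserName, DisplayName, IsSystemUser
}

# Constructed sample values mirroring the walkthrough: Full Control, all zones.
Add-WebAppUserPolicy -WebApplicationUrl 'http://team.contoso.local' `
    -Account 'CONTOSO\waqas' -DisplayName 'Waqas' -Role FullControl -AsSystemAccount
```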

To Edit Permissions for a User in Policy for Web Application

To edit the permissions of an existing user, follow the steps below.

  • Log in to Central Admin with an account that is a member of the farm administrators group.
  • On the Policy for Web Application page, select the correct web application (3), then select the user (1), then click Edit Permissions of Selected Users (2).

  • On the Edit Users page, enter the required information.
    • Display Name: Change the display name to what you want, e.g. Waqas Sarwar.
    • Permissions Policy Level: Select the correct permission level, e.g. Full Read.
    • System Settings: Choose the system setting; in our case No, as a Full Read account is never masked as the system account.
    • Click Save.
  • Now you will see that the display name has changed to Waqas Sarwar and the permission level has changed to Full Read.

To Delete Permissions for a User in Policy for Web Application

To delete the permissions of an existing user, follow the steps below.

  • Log in to Central Admin with an account that is a member of the farm administrators group.
  • On the Policy for Web Application page, select the correct web application (1), then select the user (2), then click Delete Selected Users (3).
  • Click OK on the warning pop-up.
  • Now you will see that the user account Waqas is deleted from the policy.

Note: Be careful when granting permissions to a user or group in the Policy for Web Application, because these permissions apply to all the site collections in the web application.
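
Because a policy entry reaches every site collection, it is worth reviewing the entries periodically. The report below is an added example, not part of the original post; the function name `Get-WebAppPolicyReport` and the `Review` column are assumptions made for illustration.

```powershell
# Added example: list every web application policy entry in the farm and flag
# the ones that deserve a second look (Full Control, or masked as System).
# Run in the SharePoint 2016 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-WebAppPolicyReport {   # hypothetical helper name
    foreach ($wa in Get-SPWebApplication) {
        # Web-application-wide entries, then the entries of each zone in use.
        $scopes = @(@{ Zone = '(All zones)'; Policies = $wa.Policies })
        foreach ($zone in $wa.IisSettings.Keys) {
            $scopes += @{ Zone = "$zone"; Policies = $wa.ZonePolicies($zone) }
        }
        foreach ($scope in $scopes) {
            foreach ($p in $scope.Policies) {
                $bindings = @($p.PolicyRoleBindings)
                $fullControl = [bool]($bindings | Where-Object { $_.Type -eq 'FullControl' })
                [pscustomobject]@{
                    WebApplication = $wa.Url
                    Zone           = $scope.Zone
                    UserName       = $p.UserName
                    DisplayName    = $p.DisplayName
                    Roles          = ($bindings | ForEach-Object { $_.Name }) -join '; '
                    IsSystemUser   = $p.IsSystemUser
                    Review         = $fullControl -or $p.IsSystemUser
                }
            }
        }
    }
}

Get-WebAppPolicyReport | Sort-Object Review -Descending | Format-Table -AutoSize
```

Entries with `IsSystemUser` set appear in site-level audit trails as SharePoint\System, so this report is the place to map them back to the real account.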
