Anonymous access policy in SharePoint web application

An anonymous access policy in a SharePoint web application is created for public-facing sites that can be accessed by users who have no permissions on the site. The anonymous access permission setting is disabled by default. Users are not prompted for credentials when they access anonymous content.

IIS creates the “IUSR_computername” account to authenticate anonymous users who access public-facing content in sites. We can create an anonymous access policy at the web application level to restrict and manage the permissions anonymous users have on content and the actions they can take on it.

  • Since we are going to create a public-facing SharePoint site, it is a recommended best practice to extend the web application that is going to face external traffic.
  • Navigate to SharePoint Central Administration. Click on Application Management and select Manage Web Applications.
  • The “Extend Web Application to Another IIS Web Site” dialog box will open. Set “Allow Anonymous” to “Yes” and click “OK”.
  • Click on “Intranet”, the zone we selected while extending the web application. You will notice that “Enable Anonymous Access” is selected.
  • Now select the extended web application (http://win-q2repghf9du:27315/) on the Web Application Management page and click on “Anonymous Policy”.
  • Select “Intranet” as the zone, since anonymous access is enabled for this zone. You can enable it for other zones by following the previous step. Next, select the “Anonymous User Policy” that you want to apply, let’s say “None”.

There are 3 anonymous user policy levels available, listed below. Select one as per your requirement.

  • None: Anonymous users get the default permissions, the same ones that NT AUTHORITY\Authenticated Users and All Authenticated Users have.
  • Deny Write: Anonymous users have read access to all content in the site collections under that web application, but no write access.
  • Deny All: Anonymous users have no permission to the web application.
  • Select what anonymous users can access: “Entire Web Site”, “Lists and Libraries” or “Nothing”. Select “Entire Web Site” to give access to all content in that site. Uncheck “Require Use Remote Interfaces Permission” and click “OK”.
  • We can further restrict permissions at the document library level. Navigate to the document library, click on Library Settings, select “Permissions for this document library” and click on “Stop Inheriting Permissions”.
  • An “Anonymous Access” option will appear in the ribbon. Click on it, select the permission you want to assign and click “OK”.
  • Next, check the site collection feature “Limited-access user permission lockdown mode”. It should not be active if anonymous users are to get access at the application page level.
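
The settings walked through above can be reviewed in one pass with a read-only audit. This is an added example, not part of the original post; it assumes a SharePoint Server farm, the SharePoint Management Shell, and an account that can read every site collection, and the function names are hypothetical.

```powershell
# Added example: read-only audit of anonymous exposure on a SharePoint Server farm.
# Run in the SharePoint Management Shell with an account that can read every site.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function New-Finding($Scope, $Url, $Detail) {
    New-Object PSObject -Property @{ Scope = $Scope; Url = $Url; Detail = $Detail }
}

function Get-AnonymousExposure {
    foreach ($wa in Get-SPWebApplication) {
        # Zones whose IIS site has "Allow Anonymous" = Yes, with that zone's anonymous policy
        foreach ($zone in @($wa.IisSettings.Keys)) {
            if ($wa.IisSettings[$zone].AllowAnonymous) {
                $policy = $wa.ZonePolicies($zone).AnonymousPolicy
                New-Finding 'Zone' $wa.Url "$zone zone, AnonymousPolicy=$policy"
            }
        }
        foreach ($site in Get-SPSite -WebApplication $wa -Limit All) {
            try {
                # "Limited-access user permission lockdown mode" is the site collection
                # feature ViewFormPagesLockDown; Get-SPFeature returns it only when active
                $lockdown = [bool](Get-SPFeature -Identity ViewFormPagesLockDown -Site $site.Url -ErrorAction SilentlyContinue)
                foreach ($web in $site.AllWebs) {
                    try {
                        # On = "Entire Web Site", Enabled = "Lists and Libraries"
                        if ($web.AnonymousState -ne 'Disabled') {
                            New-Finding 'Web' $web.Url "AnonymousState=$($web.AnonymousState), Lockdown=$lockdown"
                        }
                        # Lists with broken inheritance that carry their own anonymous mask
                        foreach ($list in $web.Lists) {
                            if ($list.HasUniqueRoleAssignments -and $list.AnonymousPermMask64 -ne 'EmptyMask') {
                                New-Finding 'List' "$($web.Url)/$($list.RootFolder.Url)" "Mask=$($list.AnonymousPermMask64)"
                            }
                        }
                    } finally { $web.Dispose() }
                }
            } finally { $site.Dispose() }
        }
    }
}

Get-AnonymousExposure | Select-Object Scope, Url, Detail | Format-Table -AutoSize -Wrap
```

A zone row with no matching web rows means anonymous requests reach IIS but no site has opted in yet; a list row shows a library whose anonymous rights were set separately from its parent site.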

User policy and permission policy level in SharePoint web application

What are the user policy and permission policy level of a SharePoint web application? That is exactly what I will try to share in this post, step by step. We can manage permissions, such as allow or deny/restrict, for a specific user or group directly from the SharePoint web application. By creating a permission policy for a web application, user or group permissions in the site collections or sites created under that web application can be restricted irrespective of the permissions assigned to them at site level.

There are 4 user permission policy levels available by default: “Full Control”, “Full Read”, “Deny Write” and “Deny All”.

Manage permission policy levels

We can manage permission policy levels through operations such as “Add Permission Policy Level”, “Edit Permission Policy Level”, “Delete Permission Policy Level”, “Add Users to Permission Policy Level” and “Delete Users from Permission Policy Level”.

Add Permission Policy Level

Let’s discuss how to create a custom permission policy level for a SharePoint web application user policy, apart from the default user permission policy levels. The step-by-step procedure is described below.

  • Open SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  • Select one web application for which user permission policy level will be created and click on “Permission Policy”.
  • The “Manage permission Policy level” dialog box will open. You will find options such as “Add Permission Policy Level” and “Delete Selected Permission Policy Level”, along with the 4 default permission policy levels.
  • Click on “Add Permission Policy Level”; a dialog box with fields and check boxes will open. Enter the “Name” and “Description” of the permission policy level. Select the “Site Collection Permissions” check boxes and then select each permission required for that permission policy level.
  • Select the “Deny” check box to prevent a permission and “Grant” to allow it, in the categories “List Permissions”, “Site Permissions” and “Personal Permissions”. Once the selection is complete, click on “Save”.

Below are the options under “List Permissions” that you can choose to “Grant” or “Deny” in a permission policy level.

  • Manage Lists: Create and delete lists, add or remove columns in a list, and add or remove public views of a list.
  • Override List Behaviors: Discard or check in a document which is checked out to another user, and change or override settings which allow users to read/edit only their own items.
  • Add Items: Add items to lists and add documents to document libraries.
  • Edit Items: Edit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries.
  • Delete Items: Delete items from a list and documents from a document library.
  • View Items: View items in lists and documents in document libraries.
  • Approve Items: Approve a minor version of a list item or document.
  • Open Items: View the source of documents with server-side file handlers.
  • View Versions: View past versions of a list item or document.
  • Delete Versions: Delete past versions of a list item or document.
  • Create Alerts: Create alerts.
  • View Application Pages: View forms, views, and application pages. Enumerate lists.

Below are the options under “Site Permissions” that you can choose to “Grant” or “Deny” in a permission policy level.

  • Manage Permissions: Create and change permission levels on the Web site and assign permissions to users and groups.
  • View Web Analytics Data: View reports on Web site usage.
  • Create Subsites: Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.
  • Manage Web Site: Grants the ability to perform all administration tasks for the Web site as well as manage content.
  • Add and Customize Pages: Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Microsoft SharePoint Foundation-compatible editor.
  • Apply Themes and Borders: Apply a theme or borders to the entire Web site.
  • Apply Style Sheets: Apply a style sheet (.CSS file) to the Web site.
  • Create Groups: Create a group of users that can be used anywhere within the site collection.
  • Browse Directories: Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces.
  • Use Self-Service Site Creation: Create a Web site using Self-Service Site Creation.
  • View Pages: View pages in a Web site.
  • Enumerate Permissions: Enumerate permissions on the Web site, list, folder, document, or list item.
  • Browse User Information: View information about users of the Web site.
  • Manage Alerts: Manage alerts for all users of the Web site.
  • Use Remote Interfaces: Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.
  • Use Client Integration Features: Use features which launch client applications. Without this permission, users will have to work on documents locally and upload their changes.
  • Open: Allows users to open a Web site, list, or folder in order to access items inside that container.
  • Edit Personal User Information: Allows a user to change his or her own user information, such as adding a picture.

Below are the options under “Personal Permissions” that you can choose to “Grant” or “Deny” in a permission policy level.

  • Manage Personal Views: Create, change, and delete personal views of lists.
  • Add/Remove Personal Web Parts: Add or remove personal Web Parts on a Web Part Page.
  • Update Personal Web Parts: Update Web Parts to display personalized information.

Delete Permission Policy Level

The step-by-step procedure for deleting a permission policy level is described below.

  1. Open SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  2. Select one web application and click on “Permission Policy”.
  3. The “Manage permission Policy level” dialog box will open. Select the permission policy level you want to delete and click on “Delete Selected Permission Policy Level”.
  4. A confirmation dialog will open. Click “OK” and the selected permission policy level will be removed.

Edit Permission Policy Level

The step-by-step procedure for editing a permission policy level is described below.

  1. Open SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  2. Select the web application and click on “Permission Policy”.
  3. The “Manage permission Policy level” dialog box will open. Click on the permission policy level that you want to edit (e.g. Deny All/Deny Write).
  4. The “Edit Permission Policy Level” dialog box will open, where you can make changes by selecting or clearing each permission granted or denied for that permission policy level.

Add user to user policy

The step-by-step procedure below describes how to add users to a permission policy level.

  1. Open SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  2. Select the web application and click on “User Policy”.
  3. The “Policy for Web Application” dialog box will open, where you can find options such as “Add Users”, “Delete Selected Users” and “Edit Permissions of Selected Users”.
  4. Click on “Add Users”. You will get a dialog box where you need to choose the zone to which the policy will apply. You can select “All Zones” or apply it to the “Default” zone only, then click “Next”.
  5. Enter the “User Name or Group Name” and the “Permission Policy Level”, then click “Finish”.
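
The “Add Permission Policy Level” and “Add Users” procedures above can also be scripted, which makes the change repeatable and reviewable. This is an added example, not part of the original post; it assumes a SharePoint Server farm and the SharePoint Management Shell, and the function name, level name and sample values are hypothetical.

```powershell
# Added example: scripted equivalent of "Add Permission Policy Level" and "Add Users".
# Run in the SharePoint Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Add-NoDeleteUserPolicy {
    param(
        [Parameter(Mandatory = $true)] [string] $WebApplicationUrl,
        [Parameter(Mandatory = $true)] [string] $LoginName,   # claims-encoded on claims web apps
        [Parameter(Mandatory = $true)] [string] $DisplayName,
        [string] $LevelName = 'Read Without Delete',          # hypothetical level name
        [string] $Zone = 'Default'                            # one zone, not "All Zones"
    )
    $wa = Get-SPWebApplication -Identity $WebApplicationUrl

    # Permission policy level: create it once, reuse it afterwards
    $role = $wa.PolicyRoles | Where-Object { $_.Name -eq $LevelName }
    if (-not $role) {
        $role = $wa.PolicyRoles.Add($LevelName, 'Grants read, denies delete')
        $role.GrantRightsMask = [Microsoft.SharePoint.SPBasePermissions] 'ViewListItems, OpenItems, ViewVersions, ViewPages, Open'
        $role.DenyRightsMask  = [Microsoft.SharePoint.SPBasePermissions] 'DeleteListItems, DeleteVersions'
    }

    # User policy: bind the account to the level in the chosen zone
    $policies = $wa.ZonePolicies($Zone)
    $policy = $policies | Where-Object { $_.UserName -eq $LoginName }
    if (-not $policy) { $policy = $policies.Add($LoginName, $DisplayName) }
    $policy.PolicyRoleBindings.Add($role)
    $wa.Update()

    # Return every user policy now in force for the zone, for review
    foreach ($p in $wa.ZonePolicies($Zone)) {
        New-Object PSObject -Property @{
            User   = $p.UserName
            Levels = ($p.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ', '
        }
    }
}

# Constructed values; replace with your own web application and account:
# Add-NoDeleteUserPolicy -WebApplicationUrl 'http://sharepoint.example' -LoginName 'EXAMPLE\contractors' -DisplayName 'Contractors'
```

The returned list shows every account that holds a web-application-level policy in that zone, which is the place to look when a user's effective rights do not match their site-level permissions.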

Delete user from user policy

The step-by-step procedure below describes how to delete a user from a permission policy level.

  1. Open SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  2. Select the web application and click on “User Policy”.
  3. The “Policy for Web Application” dialog box will open. Select the user you want to delete and click “Delete Selected Users”. A confirmation dialog box will open; click “OK”.

Edit User Policy

The step-by-step procedure below describes how to edit a user permission policy.

  1. Open SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  2. Select the web application and click on “User Policy”.
  3. The “Policy for Web Application” dialog box will open. Select the user you want to edit and click “Edit Permissions of Selected Users”.
  4. In the next dialog box, change the Permission Policy Level and click “Save”.

Access denied content type policy templates

I was getting an access denied error while creating a content type policy template in SharePoint Online. I tried the solution below to resolve the issue. Let’s discuss how to resolve the access denied content type policy templates error. The solution is applicable for the error “Access denied uploading template to content type”.

  • Navigate to site settings in SharePoint and click on “content type policy template” to create a custom policy template.

Solution

Enable the settings below in the SharePoint admin center.

  • Allow users to run custom script on personal sites
  • Allow users to run custom script on self-service created sites

Enable custom script in site

The next step is to enable custom script in the site using PowerShell:

Connect-SPOService -Url <sharepoint admin center url>
Set-SPOSite -Identity <site url> -DenyAddAndCustomizePages 0
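
The same two cmdlets can be wrapped so that custom script is allowed only while the policy template is being created and is blocked again afterwards. This is an added example, not part of the original post; it assumes the SharePoint Online Management Shell module is installed, and the function name is hypothetical.

```powershell
# Added example: allow custom script on one site only while a task is carried out.
# Requires the SharePoint Online Management Shell module.
function Open-CustomScriptWindow {
    param(
        [Parameter(Mandatory = $true)] [string] $AdminUrl,   # SharePoint admin center URL
        [Parameter(Mandatory = $true)] [string] $SiteUrl     # site that needs custom script
    )
    Connect-SPOService -Url $AdminUrl

    # 'Enabled' means Add and Customize Pages is denied, i.e. custom script is blocked
    $wasDenied = (Get-SPOSite -Identity $SiteUrl).DenyAddAndCustomizePages -eq 'Enabled'
    try {
        if ($wasDenied) { Set-SPOSite -Identity $SiteUrl -DenyAddAndCustomizePages 0 }
        Read-Host 'Custom script is allowed. Create the policy template, then press Enter' | Out-Null
    }
    finally {
        # Put the site back the way it was found, then show the resulting state
        if ($wasDenied) { Set-SPOSite -Identity $SiteUrl -DenyAddAndCustomizePages 1 }
        Get-SPOSite -Identity $SiteUrl | Select-Object Url, DenyAddAndCustomizePages
    }
}
```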