user policy and permission policy level in sharepoint web application

What is sharepoint web application user policy and permission policy level ? This is what exactly i will try to share in this post step by step. We can manage permissions like allow or deny/restrict for specific user or group directly from the sharepoint web application. User or group permission in sharepoint site collections or sites created under same web application can be restricted irrespective of the permission assigned to them at site level by creating permission policy for that web application.

There are 4 user permission policy level available as default which are “Full Control”, “Full Read”, “Deny Write”,”Deny All”.

manage permission policy levels

we can manage permission policy levels like “Add Permission Policy Level”, “Edit Permission Policy Level”, “Delete Permission Policy Level”,”Add Users to Permission Policy Level”, “Delete Users from Permission Policy Level”, “Delete Users from Permission Policy Level”.

Add Permission Policy Level

Let’s discuss about, how to create custom permission policy level related to sharepoint web application user policy apart from the default user permission policy levels. user policy and permission policy level creation step by step procedure described below.

  • Open SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  • Select one web application for which user permission policy level will be created and click on “Permission Policy”.
  • Dialog box “Manage permission Policy level” will open. You will find different options like “Add Permission Policy Level”,”Delete Selected Permission Policy Level”,”4 default Permission Policy Level”.
manage permission policy levels
  • Click on “Add Permission Policy Level”, will open a dialog box with fields and check boxes. Enter “Name” and “Description” of permission policy level. Select “Site Collection Permissions” check boxes and proceed towards selection of each permission required for that permission policy level.
Add create custom permission policy level
  • Select the check box “Deny” to prevent that permission and “Grant” to allow permission in the categories like “List Permissions”, “Site Permissions”, “Personal Permissions”. Once selection complete, click on “Save”.

Below are the options under “List Permissions”, you can choose to “Grant” or “Deny” in permission policy level.

user policy permission policy level list permissions
Manage ListsCreate and delete lists, add or remove columns in a list, and add or remove public views of a list.
Override List BehaviorsDiscard or check in a document which is checked out to another user, and change or override settings which allow users to read/edit only their own items
Add ItemsAdd items to lists and add documents to document libraries.
Edit ItemsEdit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries.
Delete ItemsDelete items from a list and documents from a document library
View ItemsView items in lists and documents in document libraries.
Approve ItemsApprove a minor version of a list item or document
Open ItemsView the source of documents with server-side file handlers
View VersionsView past versions of a list item or document.
Delete VersionsDelete past versions of a list item or document.
Create AlertsCreate alerts
View Application PagesView forms, views, and application pages. Enumerate lists
  • Below are the options under “Site Permissions”, you can choose to “Grant” or “Deny” in permission policy level.
user policy permission policy level site permissions
Manage PermissionsCreate and change permission levels on the Web site and assign permissions to users and groups.
View Web Analytics DataView reports on Web site usage.
Create SubsitesCreate subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.
Manage Web SiteGrants the ability to perform all administration tasks for the Web site as well as manage content.
Add and Customize PagesAdd, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Microsoft SharePoint Foundation-compatible editor.
Apply Themes and BordersApply a theme or borders to the entire Web site.
Apply Style SheetsApply a style sheet (.CSS file) to the Web site.
Create GroupsCreate a group of users that can be used anywhere within the site collection.
Browse DirectoriesEnumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces
Use Self-Service Site CreationCreate a Web site using Self-Service Site Creation
View PagesView pages in a Web site.
Enumerate PermissionsEnumerate permissions on the Web site, list, folder, document, or list item.
Browse User InformationView information about users of the Web site.
Manage AlertsManage alerts for all users of the Web site.
Use Remote InterfacesUse SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.
Use Client Integration FeaturesUse features which launch client applications. Without this permission, users will have to work on documents locally and upload their changes.
OpenAllows users to open a Web site, list, or folder in order to access items inside that container
Edit Personal User InformationAllows a user to change his or her own user information, such as adding a picture
  • Below are the options under “Personal Permissions”, you can choose to “Grant” or “Deny” in permission policy level.
user policy permission policy level personal permissions
Manage Personal ViewsCreate, change, and delete personal views of lists.
Add/Remove Personal Web PartsAdd or remove personal Web Parts on a Web Part Page.
Update Personal Web PartsUpdate Web Parts to display personalized information.

Delete Permission Policy level

User policy and permission policy level deletion step by step procedure described below.

  1. Open SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  2. Select one web application and click on “Permission Policy”.
  3. Dialog box “Manage permission Policy level” will open, select the permission policy level you want to delete and click on “Delete Selected Permission Policy Level”.
  4. Confirmation dialog will open for confirmation in deleting that selected permission policy level, click “OK” and that will be removed.

Edit Permission Policy Level

User policy and permission policy level edit step by step procedure described below.

  1. Open SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  2. Select the web application and click on “Permission Policy”.
  3. Dialog box “Manage permission Policy level” will open, click on the permission policy level that you want to edit (Ex. Deny All/Deny Write).
  4. Dialog box “Edit Permission Policy Level” will open where you can make changes by selecting or removing each permissions granted or denied for that Permission Policy Level.

Add user to user policy

Below step by steps preocedure describes, how to add users to permission policy level.

  1. Open SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  2. Select the web application and click on “User Policy”.
  3. “Policy for Web Application” dialog box will open when you can find different options like “Add Users”.”Delete Selected Users”,”Edit Permissions of Selected Users”.
  4. Click on “Add Users”, you will get a dialog box where you need choose the zone for which that will be applicable. You can select “All Zones” or can apply for “Default” zone only and click “Next”.
  5. Enter “User Name or Group Name”, “Permission Policy Level” and click “Finish”.

Delete user from user policy

Below step by steps preocedure describes, how to delete user from permission policy level.

  1. Open SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  2. Select the web application and click on “User Policy”.
  3. “Policy for Web Application” dialog box will open, Select the user you want to delete and click “Delete Selected Users”. Confirmation dialog box will open, click “OK” from that.

Edit User Policy

Below step by steps preocedure describes, how to edit user permission policy.

  1. Open SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  2. Select the web application and click on “User Policy”.
  3. “Policy for Web Application” dialog box will open, Select the user you want to edit and click “Edit Permissions of Selected Users”.
  4. From next dialog box change the Permission Policy Level and click “Save”.



Categories: SharePoint 2019, sharepoint policy, sharepoint server, web application

Tags: , , , , , , , , , , , , , ,