Add Web Application User Policy using PowerShell in SharePoint

SharePoint web application user policy is the ideal way to manage permissions at the web application level instead of individual site collections. E.g. You want to provide full control to your CIO to all site collections in a intranet web application. Web app policy is discussed in my another article: SharePoint web application policy

Add Web Application Policy using PowerShell

How to Create Web Application Policy in SharePoint using PowerShell?

This PowerShell script adds new user policy to web application.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppURL = ""
$UserID = "Global\EricConnell"
$UserDisplayName = "Global CIO"

#Get the Web Application
$WebApp = Get-spwebapplication $WebAppURL

#Convert the UserID to Claims - If your Web App is claims based!!!
   $UserAccount = (New-SPClaimsPrincipal -identity $UserID -identitytype 1).ToEncodedString()

#Create FULL Access Web Application User Policy
$ZonePolicies = $WebApp.ZonePolicies("Default")

#Add sharepoint web application user policy with powershell
$Policy = $ZonePolicies.Add($UserAccount,$UserDisplayName)

Write-Host "Web Application Policy for $($UserDisplayName) has been Granted!"

GetSpecialRole() function in SharePoint can take enumerations from: [Microsoft.SharePoint.Administration.SPPolicyRoleType], Such as: FullControl, FullRead, etc.

Here is my another article which adds Full Read and Full control web application user policies using Central Administration site and PowerShell: PowerShell to Add web application user policy in SharePoint

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. Passionate about sharing the deep technical knowledge and experience to help others, through the real-world articles!

One thought on “Add Web Application User Policy using PowerShell in SharePoint

  • If you wanted to find out what accounts already were added to the Web Application Policy for all web apps, how would you do that?


Leave a Reply

Your email address will not be published. Required fields are marked *