Add Web Application User Policy using PowerShell in SharePoint
SharePoint web application user policy is the ideal way to manage permissions at the web application level instead of individual site collections. E.g. You want to provide full control to your CIO to all site collections in a intranet web application. Web app policy is discussed in my another article: SharePoint web application policy
How to Create Web Application Policy in SharePoint using PowerShell?
This PowerShell script adds new user policy to web application.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Variables
$WebAppURL = "https://sharepoint.crescent.com"
$UserID = "Global\EricConnell"
$UserDisplayName = "Global CIO"
#Get the Web Application
$WebApp = Get-spwebapplication $WebAppURL
#Convert the UserID to Claims - If your Web App is claims based!!!
if($WebApp.UseClaimsAuthentication)
{
$UserAccount = (New-SPClaimsPrincipal -identity $UserID -identitytype 1).ToEncodedString()
}
#Create FULL Access Web Application User Policy
$ZonePolicies = $WebApp.ZonePolicies("Default")
#Add sharepoint web application user policy with powershell
$Policy = $ZonePolicies.Add($UserAccount,$UserDisplayName)
$FullControl=$WebApp.PolicyRoles.GetSpecialRole("FullControl")
$Policy.PolicyRoleBindings.Add($FullControl)
$WebApp.Update()
Write-Host "Web Application Policy for $($UserDisplayName) has been Granted!"
GetSpecialRole() function in SharePoint can take enumerations from: [Microsoft.SharePoint.Administration.SPPolicyRoleType], Such as: FullControl, FullRead, etc.
Here is my another article which adds Full Read and Full control web application user policies using Central Administration site and PowerShell: PowerShell to Add web application user policy in SharePoint
If you wanted to find out what accounts already were added to the Web Application Policy for all web apps, how would you do that?