SharePoint Farm Administrator Cannot Access Site, Gets Access Denied

Problem: SharePoint 2013 farm administrator cannot access site! They get access denied error.

Root cause:
Its a common misconception that SharePoint Farm Administrator will get access to all SharePoint sites in the farm automatically! Farm administrator get access denied error in SharePoint 2010 site collection when trying to browse.

Solution to SharePoint farm administrator access denied error

Farm Administrators get control over SharePoint Central Administration, but not all sites. So, we have to explicitly grant access to required web applications to the Farm Administrator through web application user policies by navigating to:

• Central Administration  >> Security
• Specify web application user policy >>

Add web application user policy in SharePoint using PowerShell

The above step can be automated for all web applications using PowerShell. Let’s add a user policy in the web applications to grant full access to all web applications on the farm.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#User to Add
$UserID="Global\SPAdmin"

#Add user to Web App user Policy

#Get All Web Applications and Iterate through
Get-SPWebApplication | foreach-object {
                $WebAppPolicy = $_.Policies.Add($UserID, $UserID)
                #Set Full Access 
                $PolicyRole = $_.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl)
                $WebAppPolicy.PolicyRoleBindings.Add($PolicyRole)
                $_.Update()
                Write-Host "Added user to $($_.URL)"
}