SharePoint Blogs / SharePoint University
SharePoint Blogs and SharePoint University - all in one place!
Ethan's blog » Inspecting Policies for a Web Application
Need SharePoint Training? Attend a SharePoint Bootcamp!

Please delete cookies related to sharepointblogs.com and sharepointu.com to resolve login issues!

Inspecting Policies for a Web Application

MOSS 2007 has a new feature called Web Application Policies. These are security permissions that is tied to a Web Application. These security settings override any security setting that is set at the Site Collection or Site (Web) level for that user. This post will show you how to get all the policies for a Web Application and see what kind of rights they are.

On the SPWebApplication object there is a property called Policies. This property is a SPPolicyCollection that contains SPPolicy objects. The UserName property contains the name of the AD user or group that this policy belongs to. Because a policy can actually have a Grant and Deny permisions assigned to it, there is a property called PolicyRoleBindings that contain all the permission bindings for this property. we can simply loop through the role bindings and inspect them to see what kind of bindings they are. Below is a utility method that will inspect the policies for a Web Application passed in.

private void InspectPolcies(SPWebApplication oWebApplication)
{
    // Loop through the web application policies
    foreach (SPPolicy oPolicy in oWebApplication.Policies)
    {
        // The user name of the policy we are looking at
        string strUserName = oPolicy.UserName;

        // Loop through the policy role bindings for this policy
        foreach (SPPolicyRole oPolicyRole in oPolicy.PolicyRoleBindings)
        {
            // See if the grant policy is NOT empty
            if (oPolicyRole.GrantRightsMask != SPBasePermissions.EmptyMask)
            {
                // Put your grant policy processing code here...
            }

            // See if we have a deny policy
            if (oPolicyRole.DenyRightsMask != SPBasePermissions.EmptyMask)
            {
                // Put your deny policy processing code here...
            }
        }
    }
}

Enjoy!!!

Posted 09-11-2007 8:59 PM by ethan

Comments

SharePoint 2007 link love 09-12-2007 at Virtual Generations wrote SharePoint 2007 link love 09-12-2007 at Virtual Generations
on 09-12-2007 6:00 AM

Pingback from  SharePoint 2007 link love 09-12-2007 at  Virtual Generations

Links (9/13/2007) « Steve Pietrek’s SharePoint Stuff wrote Links (9/13/2007) « Steve Pietrek’s SharePoint Stuff
on 09-13-2007 7:11 PM

Pingback from  Links (9/13/2007) « Steve Pietrek’s SharePoint Stuff

Mirrored Blogs wrote Web Application Policy, Security Sites and Security Trimming -- Know your configuration
on 10-17-2007 1:33 PM

I had one of those "why is MOSS doing this to me????" moments today. In the end, it's all

sharepoint web application policy wrote sharepoint web application policy
on 07-11-2008 12:20 AM

Pingback from  sharepoint web application policy

Create Custom Policy programmatically | 21apps wrote Create Custom Policy programmatically | 21apps
on 07-23-2008 11:51 AM

Pingback from  Create Custom Policy programmatically | 21apps

Ven wrote re: Inspecting Policies for a Web Application
on 10-25-2008 11:26 PM

Hi,

  I am trying to get the users from the "Policy of Web Application" in Central Administration through Object Model

and also trying to add users to the same Policy through object model. I am using the following code to achieve

this. But I am getting an "Object Reference Not Set to an Instance of an Object" exception when I am trying to call

the Update Method of the SPWebApplication object.

Please help me. The strange thing happening here is,when I am trying to add the users to the WebApplication policy,

the users are getting added to though the update fails. The next time when I debug the application, I do see the

new users added though the update failed. Moreover, I am not able to see the newly added users in the "Policy For

Web Application" section of the Central Administration. Can anyone please help me out. Here is the code which I am

using to achieve this.

SPFarm farm = SPFarm.Local;  

SPWebService service = farm.Services.GetValue<SPWebService>("");  

foreach(SPWebApplication webApp in service.WebApplications)  

{  

 if(webApp.Name == "My Web App")  

       {  

           webApp.ZonePolicies(SPUrlZone.Default).Add("username","displayname");  

           webApp.Update();  // I am getting the Object Reference error at this line  

       }  

}  

Please help me ASAP.

rasitha wrote re: Inspecting Policies for a Web Application
on 05-25-2009 6:13 AM

Thanks for the sharing this website. it is very useful professional knowledge. Great idea you know about company background.

<a href="http://www.itsolusenz.com">web application development</a>

Add a Comment

(required)  
(optional)
(required)  
Remember Me?
Need SharePoint Training? Attend a SharePoint Bootcamp!
Posts (c) their respective authors. Everything else (c) 2009 SharePoint Experts, Inc.