What are User Policy and Permission Policy for under SharePoint2010 Web Application?

What are User Policy and Permission 开发者_StackOverflow中文版Policy for under SharePoint2010 Web Application?

These screens allow an administrator to set permissions per web application. They are like site collection permissions, but permission here apply to all sites in a web application.

The "permission policies" define groups of permission rights (similar to permissions levels of a site collection).

Full Read - good for search/caching
Full Control - good for global admins
Deny Write - good for public facing
Deny All - good for restricted sites

The "user policy" area, then allows you to assign those permission polices to certain users/groups.

The default users policies for example, allow the search account to read all sites in a web application, without having to set permissions individually on each site collection. Another policy you should add is for the caching account.

An example of a custom policy, would be denying deleting items/version on a whole web application for certain users, maybe for an public facing extended web application.