Setting Permissions Policy On Web Applications In SharePoint 2013 Central Administration

In this article, we will see how to set up permissions policy on the Web Applications in SharePoint 2013 Central Admin. This configuration will help admin users with the defined permission level.

How to configure?

Let’s open Central Admin of SharePoint on your machine. On your Windows desktop screen, click Start >> Administrative Tools >> SharePoint 2013 Central Administration.


  • Run it as an administrator to have the elevated privileges.
  • You will see the screenshot given below.



  • Central Admin is configured under the categories given below.
  • Click on Application Management.

  • Go to Web Applications >> Manage Web Applications.
  • You will see the screen given below.


  • Here, we can see various options to work with the Web Applications.
  • Let’s see them from left to right in different parts of the article.

We have four categories, where the events have been categorized.

  1. Contribute
  2. Manage
  3. Security
  4. Policy

In this article, we will see “Permission Policy” under "Policy” category.

Permission Policy


  1. Select the Web Application and click "Permission Policy".
  2. You will see the screen below.


  • You can see the Permission Policy Lever and by default, it is given below.

    • Full Control
    • Full Read
    • Deny Write
    • Deny All

  • You can delete them and also create new permission policy level.
  • Click on Add Permission Policy Level to add a new permission policy.


  • Name
    Provide a name to the permission policy level.

  • Description
    Provide a description.

  • Site Collection Permissions
    You can choose among the site collection administrator and auditor or both to have the permissions on the site collection.

  • Permissions
    Once done, you can configure the levels accordingly by granting or denying the permissions on the site.



  • Manage Lists 
    The users can create and delete lists, add or remove columns in a list, and add or remove public views of a list.

  • Override List Behaviors
    The users can discard or check in a document, which is checked out by another user and change or override settings, which allows the users to read/edit only their own items.

  • Add Items
    The users can add items to the lists and adds documents to the document libraries.

  • Edit Items
    The users can edit the items in the lists, edit the documents in the document libraries and customize Web Part pages in the document libraries.

  • Delete Items
    The users can delete the items from a list and the documents from a document library.

  • View Items
    The users can view items in the lists and the documents in the document libraries.

  • Approve Items
    The users can approve a minor version of a list item or a document.

  • Open Items
    The users can view the source of the documents with the Server-side file handlers.

  • View Versions
    The users can view the past versions of a list item or a document.

  • Delete Versions
    The users can delete the past versions of a list item or a document.

  • Create Alerts
    The users can create alerts.

  • View Application Pages
    The users can view forms, views and Application pages and enumerate lists.




  • Manage Permissions
    The users can create and change permission levels on the Website and assign the permissions to the users and groups.

  • View Web Analytics Data
    The users can view report on Website usage.

  • Create Subsites
    The users can create subsites such as team sites, meeting Workspace sites and Document Workspace sites.

  • Manage Web Site
    The users can grant the ability to perform all administration tasks for the Web site as well as manage content.

  • Add and Customize Pages
    The users can add, change or delete HTML pages or Web PartpPages and edit the Website, using a Microsoft SharePoint Foundation-compatible editor.

  • Apply Themes and Borders
    The users can apply a theme or borders to the entire Website.

  • Apply Style Sheets
    The users can apply a style sheet (.CSS file) to the Website.

  • Create Groups
    The users can create a group of users, which can be used anywhere within the site collection.

  • Browse Directories
    The users can enumerate the files and folders in a Website, using SharePoint Designer and Web DAV interfaces.

  • Use Self-Service Site Creation
    The users can create a Website, using Self-Service Site creation.

  • View Pages
    The users can view the pages in a Web site.

  • Enumerate Permissions
    The users can enumerate the permissions on the Web site, list, folder, document or list item.

  • Browse User Information
    The users can view information about the users of the Website.

  • Manage Alerts
    Users can manage alerts for all users of the Web site.

  • Use Remote Interfaces
    The users can use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Website.

  • Use Client Integration Features
    The users can use features, which launch client Applications. Without this permission, the users will have to work on the documents locally and upload their changes.

  • Open
    The users can allow the users to open a Web site, list or folder in order to access the items inside that container.

  • Edit Personal User Information
    The users can allow a user to change his or her own user information, such as adding a picture.


  • Manage Personal Views
    The users can create, change and delete personal views of the lists.

  • Add/Remove Personal Web Parts
    The users can add or remove personal Web Parts on a Web Part page.

  • Update Personal Web Parts
    The users can update the Web Parts to display personalized information.

Once you click OK, the configuration selected by you will be added by default in all the sites within the Web and all the Permissions Policy will be configured under the zones.

This is an important feature as the policy will be inherited by all the sites under the Web Applications.

In this article, we saw how to manage permissions policy on the Web Application. There are more features under managing the central administration, which we will see in the next article.

Until then, keep reading and keep learning.