Permission policies in Sharepoint 2010

SPSecurity.RunWithElevatedPrivileges(delegate()

               {

                   SPWebApplication webApp = properties.Feature.Parent as SPWebApplication;

                   SPPolicyRole RestrictThemes;

                   //we are removing the ApplyStyleSheets permission and ApplyThemeAndBorder permission by passing this

                   //to Policyroles.

                   SPBasePermissions RestrictPermissions = SPBasePermissions.ApplyStyleSheets | SPBasePermissions.ApplyThemeAndBorder;

                   //we are not granting any permissions

                   SPBasePermissions GrantPermissions = new SPBasePermissions();

                   RestrictThemes = webApp.PolicyRoles["Restrict Themes"];

                   if (RestrictThemes == null)

                   {

                       RestrictThemes = webApp.PolicyRoles.Add("Restrict Themes", "Restricts themes to be modified by anybody",

                                                       GrantPermissions,

                                                       RestrictPermissions);

                       webApp.Update();

                   }

                   SPPolicy policy = webApp.Policies.Add("NT Authority\\Authenticated users", "All Authenticated Users");

                   policy.PolicyRoleBindings.Add(RestrictThemes);

                   webApp.Update();

});

1. In the above code we take the web application object using properties parameter of the FeatureActivated method.
   
   
2. Then create a base permission called RestrictPermissions and assigning ApplyStyleSheets and AppythemeAndBorder
   
   
3. Next, create an empty Permission called GrantPermissions
   
   
4. Then try to retrieve the "Restrict Themes" and if it is null, create the "Permission Policy" by calling the add method of PolicyRoles. For this method, pass the GrantPermissions and RestrictPermissions. The add method takes four parameters name, description, allow permissions and deny permissions. For the deny permissions, pass the restrict permissions that's been created.
   
   
5. The "Permission Policy" once created will look like this in UI.
   
   
    
6. This will make sure that the users who are added to this policy at the Web Application level will not be able to modify the themes
   
   
7. Next step in the code, add the authenticated users to this policy
   
   
8. We cannot directly add users to this policy, rather, we should add the bindings for the policy by calling PolicyBindings.Add method and passing the Restrict Policy as parameter
   
   
9. Finally, call the Update() method for the web application to make the changes
   
   
10. After we deploy and activate the feature, all authenticated users would have been added to this Policy, meaning, nobody in the site should be able to modify themes
     
11. The deactivate method will simply remove the Policy

                {

                    SPWebApplication webApp = properties.Feature.Parent as SPWebApplication;

                    SPPolicyRole RestrictThemes;

                    RestrictThemes = webApp.PolicyRoles["Restrict Themes"];

                    if (RestrictThemes != null)

                    {

                        webApp.PolicyRoles.Delete("Restrict Themes");

                        webApp.Update();

                    }
                }); 

This approach might be useful; if we want to make sure that for a particular web application none of the users should modify the themes and should utilize only the corporate themes that have been defined.