Share via


Addpermissionpolicy: Stsadm operation (Office SharePoint Server)

Applies To: Office SharePoint Server 2007

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.

 

Topic Last Modified: 2015-03-09

Operation name: Addpermissionpolicy

Description

Adds a user to a policy role for the Web application based on the specified permission level name and corresponding zone. This operation is the command-line equivalent of the process used on the Policy for Web Application page in the SharePoint Central Administration Web site.

Syntax

stsadm -o addpermissionpolicy

**   -url <URL name>**

**   -userlogin <login name>**

-permissionlevel <permission policy level>

**\[-zone\] \<URL zone\>**

**\[-username\] \<display name\>**

Parameters

Parameter

Value

Required?

Description

url

A valid URL, such as http://server_name

Yes

The URL of the Web application to which the policy level is being added

userlogin

A valid user name in the form:

Domain\user_name.

For non-Windows accounts, a valid user name in the form:

providerName:user_name

Yes

The user login name

permissionlevel

A valid permission policy level to add to the permission policy. For example, Full Control, Full Read, Deny Write, or Deny All.

Yes

Specifies the appropriate permission policy level to grant or deny to this user. When you grant a permission, it gives the user the granted permission. However, when you deny a permission, it prevents a user from ever having this permission.

Note

Denying a right always supersedes granting a right.

zone

A valid zone, such as "Default"

No

When the zone parameter is not present, the policy applies to all zones. Only Windows NT accounts can be applied to all zones. Accounts in the format of providerName:user_name cannot be used for the all-zone policy.

username

A valid user name in the form of:

Firstname Lastname

No

The user or display name for the policy. If the user name is specified, it will be used; otherwise Active Directory is queried to resolve a user name.