This is preliminary documentation and subject to change.
Named Permission Sets
Named permission sets represent collections of permissions that may be assigned to code groups to grant those permissions to code in that group. More than one code group may be assigned the same named permission set. For example, to grant the same set of permissions to several extranet business partner sites, a single named permission set can be defined and assigned to several code groups for the respective sites.
A description can be associated with named permission sets to describe the permissions they define. There are three kinds of named permission sets:
- standard permission sets that are pre-defined and cannot be changed,
- pre-defined permission sets that may be modified by the administrator,
- and user-defined custom permission sets (names of custom permission sets must not conflict with the standard or pre-defined permission sets).
In the hierarchical administration model, named permission sets are defined and used within a level and cannot be referenced from other levels. The standard and pre-defined permission sets are available at all levels.
Named permission sets may not contain identity permissions.
The standard permission sets are as follows:
- Nothing: does not have permission to run
- Execution: only permission to run, but no other permissions to allow use of protected resources
- Everything: all standard permissions, except SkipVerification
- SkipVerification: permission to run even if unverifiable, but no other permissions to allow use of protected resources
- FullTrust: unrestricted access to protected resources, including all standard permissions and any custom ones
The pre-defined permission sets are:
- Internet: the default policy permission set suitable for content from unknown origin
- LocalIntranet: the default policy permission set for within an enterprise
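The extranet partner scenario described above, as an added C# example that is not part of the original documentation: one custom named permission set is defined in a policy level and assigned to one code group per site. It assumes the .NET Framework System.Security.Policy classes (obsolete from version 4.0, where legacy CAS policy must be enabled); the set name "PartnerSites", the group names and the site names are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

class PartnerPolicyDemo
{
    static void Main()
    {
        // In-memory AppDomain policy level, so machine policy is left untouched.
        PolicyLevel level = PolicyLevel.CreateAppDomainLevel();

        // One custom named permission set, defined once within this level.
        NamedPermissionSet partners =
            new NamedPermissionSet("PartnerSites", PermissionState.None);
        partners.Description = "Run and show safe top-level windows; nothing else.";
        partners.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        partners.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows));
        level.AddNamedPermissionSet(partners);

        // Root group matches all code and grants an empty set, so only
        // the child groups below contribute permissions.
        CodeGroup root = new UnionCodeGroup(new AllMembershipCondition(),
            new PolicyStatement(new PermissionSet(PermissionState.None)));
        root.Name = "All_Code";

        // One code group per partner site, all sharing the same named set.
        string[] partnerSites = { "partner-a.example", "partner-b.example" }; // constructed
        foreach (string site in partnerSites)
        {
            CodeGroup group = new UnionCodeGroup(new SiteMembershipCondition(site),
                new PolicyStatement(level.GetNamedPermissionSet("PartnerSites")));
            group.Name = "Partner_" + site;
            root.AddChild(group);
        }
        level.RootCodeGroup = root;

        // Resolve the level against site evidence for a partner and a non-partner.
        foreach (string site in new[] { "partner-a.example", "unknown.example" })
        {
            Evidence evidence = new Evidence();
            evidence.AddHost(new Site(site));
            PermissionSet grant = level.Resolve(evidence).PermissionSet;
            Console.WriteLine("{0}: {1}", site,
                grant.IsEmpty() ? "no permissions" : grant.ToString());
        }
    }
}
```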