Managing permissions for thousands of site collections can becomplicated and error-prone, especially if some users or groups need specific permissionsother than those that apply for the entire Web application.
-
Manage permissionpolicy levels (Look for the Green Box in the below picture) - Permission policy levelscontain permissions that apply to specific users or groups. You can specify acombination of List, Site, or Personal permissions. You can also specify “SiteCollection Administrator” & “Site Author” privileges at the site collectionlevels.
-
Manage user permission policy (Look for the Blue Boxin the below picture) - You can add users to a permission policy, edit the policysettings, and delete users from a permission policy. You can then applythis permission policy at the Zone levels for the set of users.
-
Manage permissionpolicy for anonymous users (Look for the Red Box in the below picture) - You can enable or disableanonymous access for a Web application. If you enableanonymous access for a Web application, site administrators can then grantor deny anonymous access at the site collection, site, or item level. Ifanonymous access is disabled for a Web application, no sites within that Webapplication can be accessed by anonymous users.
You should start creating custom policies if you would like tomanage permissions at the site collection levels. You can apply the policies atthe appropriate web application level.
You can also refer to the microsoft technet documentation on Managing Permissions on Sharepoint 2010 here.