An interesting question came up on StackOverflow – how do you get the web application level policies for a Web app? In other words, the rights that you can grant to an entire web application (via central administration) – how do you get those in code?

It turns out that this is done via the SPWebApplication.Policies collection, which is actually pretty simple to use:

System.Uri uri = new Uri("http://sp/");
SPWebApplication webApplication = SPWebApplication.Lookup(uri)
SPPolicyCollection policyCollection = webApplication.Policies;
SPPolicyRoleCollection policyRoles = webApplication.PolicyRoles;
foreach (SPPolicy p in policyCollection)
{
    Console.WriteLine("{0} - {1}", p.DisplayName, p.UserName);
    foreach (SPPolicyRole pr in p.PolicyRoleBindings)
    {
        Console.WriteLine("     {0} - IsAdmin: {1}, FullControl: {2}", pr.Name,
                pr.IsSiteAdmin, pr.GrantRightsMask == SPBasePermissions.FullMask);
    }
}

Might be useful someday.