I created this command because I was trying to debug an issue I was having. If you go through the central admin and remove a site permission for a web app (central admin > app management > user permissions for web applications) certain functionality that should work regardless of what setting you’ve removed no longer functions. For example – I removed “Apply Themes and Borders” for my intranet app:
I then went to site settings for one of my site collections and clicked the “Related Links Scope Settings” under Site Administration. The result is that I get an access denied error. The reason is that the code for this feature is checking whether the user’s Effective Base Permissions match the FullMask permission:
“0x7fffffffffffffffL” corresponds to the SPEffectiveBasePermissions.FullMask permission. In my case my account is a site collection administrator and site owner so I should always have full control over the site but because I’ve denied the apply themes and borders permission the permissions that come back for my user are as follows:
C:\>stsadm -o gl-enumeffectivebaseperms -url "http://intranet/hr"