Permission Policies: Administering SharePoint 2010 web site without site collection administrator role

In many situations, customers have security teams and audit teams. They ask for granting users permissions to view audit web analytic reports, manage only security and permissions of users....etc. In most organizations, granting "site collection administrator" role to these teams is simply unacceptable.

One of the pretty features in SharePoint 2010 is the ability to add and define administrative roles by Farm Administrators, so they can grant approperiate teams roles to audit and manage security in different web sites in the Farm. To start creating such roles...

Open Central Administration
On the left, click "Application Management" then click "Manage Web Applications". A list of available web applications should be listed.
Now select the web application you wish to secure, then click "Permission Policy" as shown. After the pop-up appears, click: "Add Permission Policy"

Now, Select the permissions you wish to grant.This is like you are assigning user to the web site and selecting his permission. In most cases for auditors, you select "Site Collection Auditor" and "View Web Analytics Data" as shown.

Now click OK once you finish.You should see something like the following screen and your "Auditor Role" listed in the available policies...

Now, You will need to add user to that permission policy. Again, click on the web application you want, then select "User Policy"
Add your user to the new policy
Make sure to test the new policy and ensure it works as expected.

Permission Policies are on the most forgettable features despite of its great value. In order to avoid surprises, make sure to plan it early.

Edit 29 Oct 2012:

The above steps are specific to viewing web analytic reports and not to site audit reports. After completing these steps, the user will be abe to view the web analytics data as shown below...