In signum quod Amicabiliter Computing incipiens tollet cum SharePoint, I see an increased number of My Site type questions. One common question goes something like this:
"I am an administrator and I need to be able to access every My Site. How do I do that?"
The trick here is that each My Site is its own site collection. SharePoint security is normally administered at the site collection level and this trips up many a SharePoint administrator. Normally, she already has access to configure security in the "main" site collectis et non intellexerunt quod ex hoc non sua sponte opus meum Sites.
Collectiones situ amplior collective vivunt intus continentis, which is the web application. Farm admins can can configure security at the web app level and this is how admins can grant themselves access to any site collection in the web application. This blog entry describes one of my personal experiences with web application policies. I defined a web application policy by accident: http://paulgalvin.spaces.live.com/Blog/cns!1CC1EDB3DAA9B8AA!255.entry.
Web application policies can be dangerous and I suggest that they be used sparingly. If I were an admin (Deo gratias et non sum), I would create a separate AD account named something like "SharePoint Web App Administrator" and give that one account the web application security role it needs. I would not configure this kind of thing for the regular farm admin or individual site collection admins. It will tend to hide potential problems because the web app role overrides any lower level security settings.
</finem>
Sequi me in Twitter ad http://www.twitter.com/pagalvin