An Active directory user group has been added to Central Administration Policy with "full control" permissions to a Web Application. This group should have Read Only" access. When the group is removed or "Policy" level changed in Central Administration, no member can access the Web App/portal. Is there any way to correct this.?

Is that same Active Directory group added to the specific site collection in that web application with read access?http://donahoo-development.com