Policies

A policy set is where ACP earns its name. It defines the envelope every session runs inside — what users may do with files, printing, the clipboard, the network and child processes, plus session lifecycle, recording, isolation, drive mappings and compute caps. This section documents the policy JSON node by node, following the order of the Admin policy editor.

What a policy set is

In the IAM model the stored entity is a policy set. Its content is three JSON documents plus a metadata block, stored in separate columns and merged into a single policy document when a session starts:

Root nodeStored asControls
securitysecurityPolicyJsonClipboard, file system, data transfer, printing, network, child processes, file dialogs.
sessionsessionPolicyJsonLifecycle and timeouts, remote desktop, audio, recording, drive mappings, session isolation.
resourcesresourcePolicyJsonCPU/RAM caps, desktop resolution, frame rate, streamer mode, disk quota, capture offsets.
metadatametadataJsonTemplate bookkeeping only — not applied to sessions.

The top-level template also carries name, description and revision. The authoritative shape — every key, type, enum, default and min/max in this section — comes from the policy JSON schema shipped with the product and downloadable from the policy list page.

Anatomy of the editor

The editor presents visual accordions for common sections and an Advanced area with raw Security, Session, Resources and Metadata JSON tabs.

The Admin console edits a policy set through a single form. Most sections are accordions with visual controls; everything else is reachable through the Policy Configuration (Advanced) area, which exposes the four JSON blobs directly. Visual editors and the Advanced JSON tabs write the same underlying nodes — the accordions are a friendly front end over the JSON documented here.

Editor sections at a glance

The pages in this section follow the editor order. Each one documents its JSON node in full, with a property table, a sample, and any global override behaviour.

Editor sectionJSON nodeReference
Basic Informationname, description, revisionPolicy Sets & the Editor
ResourcesresourcesResources
Printingsecurity.printingPrinting
Client Data Transfersecurity.dataTransferClient Data Transfer
File Systemsecurity.fileSystemFile System
Network Isolationsecurity.networkNetwork Isolation
Session Isolationsession.sessionIsolationSession Isolation
Drive Mappingssession.driveMappingsDrive Mappings
Advanced — Securitysecurity.clipboardClipboard
Advanced — Securitysecurity.childProcessPolicyChild Process Control
Advanced — Securitysecurity.dialogsFile Dialogs
Advanced — Sessionsession lifecycleSession Lifecycle
Advanced — Sessionsession.remoteDesktop, session.audioRemote Desktop & Audio
Advanced — Sessionsession.recordingRecording
Advanced — MetadatametadataMetadata

Two layers: policy set vs app.config.xml

Per-workspace policy JSON is applied over the global app.config.xml baseline; some global settings act as a ceiling, floor or gate that policy cannot cross.

There are two configuration layers. The policy set JSON is the per-workspace / per-user layer authored in the Admin console. The global app.config.xml is an operator-controlled file read by the Gateway service; effective enforcement then happens on the backend Session Manager (which writes policy.json and applies NTFS and firewall rules) and inside the session Streamer.

As a rule, policy wins per session — it overrides app.config defaults for any key it sets. But several global settings are deliberately non-negotiable. They behave as one of:

Where app.config.xml overrides policy

Audio enable is a ceiling; network.allowLoopback is forced true; fileSystem.blockedPaths is unioned with the global default-blocked and protected paths; the filesystem-restrictions master switch is a gate; security.dialogs.* is applied from app.config <headlessDialogs> (policy values are logged only); recording follows the precedence User > Workspace policy > Org > app.config global. Each page below calls out its specific behaviour.

Built-in policy sets

Four policy sets ship with every deployment, aligned to the file-system trust levels: notrust, lowtrust, fulltrust and disposable. Built-ins are read-only — clone one and tailor the copy rather than editing the template. See Trust Levels for the security rationale behind each.