Policy Sets & the Editor

A policy set is a named, reusable bundle of security, session and resources JSON plus metadata. You assign policy sets to organizations (as a default) and to workspaces, so one baseline applies consistently across many sessions. This page covers the editor itself — the Basic Information fields, the clone workflow, import/export and validation.

Basic Information

These three fields live at the top level of the policy template, alongside the JSON blobs. They are stored as columns on the policy-set record, not inside security/session/resources.

FieldJSON keyTypeRequiredRules
Policy NamenamestringyesPattern ^[a-z][a-z0-9_]*$. The editor auto-normalizes input (lowercase, spaces→_, strips other characters).
DescriptiondescriptionstringyesHuman-readable purpose; minimum length 1.
RevisionrevisionintegeryesMinimum 1. Read-only in the editor; increment built-in templates to prompt upgrades.

Clone and customise

The built-in policy sets — notrust, lowtrust, fulltrust, disposable — are read-only templates. Open a built-in for viewing and the whole form is disabled; to change anything, clone it first.

  1. Open Policies and select the built-in set closest to your requirement.
  2. Clone it and give the copy a descriptive name (for example, finance_restricted).
  3. Adjust the accordion sections — Resources, Printing, File System, Network, and so on — or edit the raw blobs under Advanced.
  4. Save, then assign the policy to a workspace or as an organization default.
The editor: visual accordions for common sections, plus an Advanced area exposing the raw Security, Session, Resources and Metadata JSON.

Accordions vs Advanced JSON

Each accordion is a visual front end over part of the policy JSON. The Policy Configuration (Advanced) area exposes the same data as four editable JSON documents:

Advanced tabEdits
SecuritysecurityPolicyJsonsecurity
SessionsessionPolicyJsonsession
ResourcesresourcePolicyJsonresources
MetadatametadataJsonmetadata

Some nodes have no visual control and are edited only through Advanced JSON (or set from defaults on create): clipboard, child processes, file dialogs, session lifecycle, remote desktop, audio and recording. Those are documented on their own pages in this section.

Assigning a policy set

Import, export and validation

A policy set exports as a single JSON file containing name, description, revision, security, session, resources and metadata, so a tested baseline can move from proof of concept to production or live in version control. On import (edit mode) the file must be under 1 MB and contain the security, session and resources keys; importing replaces all current values but does not save until you confirm.

The Validate JSON button parses all four blobs and reports per-blob syntax errors before you save. The File System and Network sections additionally support importing and exporting section presets on their own.

Tip

Design a small number of role-shaped policy sets (for example, restricted, standard and trusted) rather than a unique policy per workspace. Fewer, well-named policies are far easier to review and audit.