Policy Sets & the Editor
A policy set is a named, reusable bundle of security, session and resources JSON plus metadata. You assign policy sets to organizations (as a default) and to workspaces, so one baseline applies consistently across many sessions. This page covers the editor itself — the Basic Information fields, the clone workflow, import/export and validation.
Basic Information
These three fields live at the top level of the policy template, alongside the JSON blobs. They are stored as columns on the policy-set record, not inside security/session/resources.
| Field | JSON key | Type | Required | Rules |
|---|---|---|---|---|
| Policy Name | name | string | yes | Pattern ^[a-z][a-z0-9_]*$. The editor auto-normalizes input (lowercase, spaces→_, strips other characters). |
| Description | description | string | yes | Human-readable purpose; minimum length 1. |
| Revision | revision | integer | yes | Minimum 1. Read-only in the editor; increment built-in templates to prompt upgrades. |
Clone and customise
The built-in policy sets — notrust, lowtrust, fulltrust, disposable — are read-only templates. Open a built-in for viewing and the whole form is disabled; to change anything, clone it first.
- Open Policies and select the built-in set closest to your requirement.
- Clone it and give the copy a descriptive name (for example, finance_restricted).
- Adjust the accordion sections — Resources, Printing, File System, Network, and so on — or edit the raw blobs under Advanced.
- Save, then assign the policy to a workspace or as an organization default.
Accordions vs Advanced JSON
Each accordion is a visual front end over part of the policy JSON. The Policy Configuration (Advanced) area exposes the same data as four editable JSON documents:
| Advanced tab | Edits |
|---|---|
| Security | securityPolicyJson → security |
| Session | sessionPolicyJson → session |
| Resources | resourcePolicyJson → resources |
| Metadata | metadataJson → metadata |
Some nodes have no visual control and are edited only through Advanced JSON (or set from defaults on create): clipboard, child processes, file dialogs, session lifecycle, remote desktop, audio and recording. Those are documented on their own pages in this section.
Assigning a policy set
- Organization default — applied to workspaces that do not specify their own.
- Per workspace — overrides the organization default for that workspace's sessions.
Import, export and validation
A policy set exports as a single JSON file containing name, description, revision, security, session, resources and metadata, so a tested baseline can move from proof of concept to production or live in version control. On import (edit mode) the file must be under 1 MB and contain the security, session and resources keys; importing replaces all current values but does not save until you confirm.
The Validate JSON button parses all four blobs and reports per-blob syntax errors before you save. The File System and Network sections additionally support importing and exporting section presets on their own.
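The import rules and the Basic Information constraints above can be checked before a file ever reaches the editor, for example in a CI job over version-controlled policy sets. The following is an added example, not the product's own validator; the function name, the reading of "1 MB" as 1 MiB and the two sample documents are assumptions.

```python
import json
import re

NAME_RE = re.compile(r"[a-z][a-z0-9_]*")  # Policy Name pattern; anchored by fullmatch()
MAX_BYTES = 1024 * 1024                   # assumption: "1 MB" read as 1 MiB
IMPORT_KEYS = ("security", "session", "resources")

# Constructed sample exports (not real product output).
SAMPLE_GOOD = (b'{"name": "finance_restricted", "description": "Finance baseline", '
               b'"revision": 1, "security": {}, "session": {}, "resources": {}, '
               b'"metadata": {}}')
SAMPLE_BAD = (b'{"name": "Finance Restricted", "description": "", "revision": 0, '
              b'"security": {}, "resources": {}}')


def check_policy_export(raw: bytes) -> list[str]:
    """Return the problems found in an exported policy-set file (empty = OK)."""
    if len(raw) >= MAX_BYTES:
        return ["file is not under 1 MB"]
    try:
        doc = json.loads(raw)
    except ValueError as exc:  # covers JSONDecodeError and bad encodings
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]

    problems = [f"missing key: {key}" for key in IMPORT_KEYS if key not in doc]

    name = doc.get("name")
    if not (isinstance(name, str) and NAME_RE.fullmatch(name)):
        problems.append("name must match ^[a-z][a-z0-9_]*$")

    description = doc.get("description")
    if not (isinstance(description, str) and description):
        problems.append("description must be a non-empty string")

    revision = doc.get("revision")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(revision, bool) or not isinstance(revision, int) or revision < 1:
        problems.append("revision must be an integer >= 1")

    return problems


if __name__ == "__main__":
    for label, raw in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, check_policy_export(raw) or "OK")
```

The check covers only the structural rules stated on this page; it does not inspect the contents of the security, session or resources blobs.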
Design a small number of role-shaped policy sets (for example, restricted, standard and trusted) rather than a unique policy per workspace. Fewer, well-named policies are far easier to review and audit.