Trust Levels
Trust levels are the foundation of file and dialog control. Each level sets the overall posture of a session toward the file system, and the built-in policy sets are named after them.
The four levels
| Level | Posture | Typical use |
|---|---|---|
notrust | Most restrictive. File access is denied or tightly mediated through controlled, browser-native dialogs. | Sensitive applications; untrusted users; default starting point. |
lowtrust | Limited access to a constrained set of locations. | Standard business users who need a defined working area. |
fulltrust | Broad file-system access with minimal mediation. | Trusted administrators or applications that genuinely require it. |
disposable | Ephemeral working area; files do not persist beyond the session. | Throwaway tasks and high-isolation scenarios. |
What a trust level affects
- File open/save — which locations are visible and whether saving is allowed.
- Dialog behaviour — how native Windows file dialogs are redirected to browser-native equivalents.
- Print-to-file — whether and where print output can be written.
Choosing a level
Start at notrust and raise the level only where a workflow genuinely requires it. Most line-of-business applications work well at lowtrust with a small set of path rules. Reserve fulltrust for trusted operators. To apply a level, set it on the Security tab of a policy set — see File Access Policies.