Device Management Profile

SystemPolicyRule

The payload for configuring the system policy.

Properties

Comment
string

This string appears in the System Policy UI. If it's missing, PayloadDisplayName or PayloadDescription is entered into this field before the rule is added to the System Policy database.

Expiration
date

The expiration date for rules being processed.

LeafCertificate
data

The single leaf certificate for the app that should be whitelisted.

OperationType
string

The type of operation.

Priority
number

The rule's priority.

Requirement
string

The policy requirement. This key must follow the syntax described in Code Signing Requirement Language.

Discussion

Specify com.apple.systempolicy.rule as the payload type.

This payload allows control over Gatekeeper's system policy rules. The keys and functionality closely follow the spctl command-line tool. For more information, see the manual page for spctl.

This payload must only exist in a device profile. If the payload is present in a user profile, an error is generated during installation and the profile installation fails.
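The following audit helper is an added example, not part of the original documentation. It parses an unsigned profile, checks each com.apple.systempolicy.rule payload against the property types listed above, and reports the label the System Policy UI would show. It assumes that a top-level PayloadScope of "System" marks a device profile and that PayloadDisplayName is tried before PayloadDescription; the function names and the sample profile are constructed for illustration.

```python
import plistlib
from datetime import datetime

RULE_TYPE = "com.apple.systempolicy.rule"  # payload type given on this page
# Property types from this page; plist "data" loads as bytes, "date" as datetime.
TYPES = {"Comment": str, "Expiration": datetime, "LeafCertificate": bytes,
         "OperationType": str, "Priority": (int, float), "Requirement": str}

def audit_profile(raw, now):
    """Return [(ui_comment, findings)] for each Gatekeeper rule payload in a profile."""
    profile = plistlib.loads(raw)
    results = []
    for p in profile.get("PayloadContent", []):
        if p.get("PayloadType") != RULE_TYPE:
            continue
        findings = []
        # Assumption: top-level PayloadScope "System" marks a device profile.
        if profile.get("PayloadScope") != "System":
            findings.append("PayloadScope is not System: user profiles fail to install")
        for key, typ in TYPES.items():
            if key in p and (isinstance(p[key], bool) or not isinstance(p[key], typ)):
                findings.append(f"{key}: wrong type {type(p[key]).__name__}")
        exp = p.get("Expiration")
        if exp is None:
            findings.append("no Expiration set")
        elif isinstance(exp, datetime) and exp <= now:
            findings.append("Expiration already passed")
        # UI label fallback described on this page; the fallback order is assumed.
        comment = p.get("Comment") or p.get("PayloadDisplayName") or p.get("PayloadDescription")
        results.append((comment, findings))
    return results

def sample_profile():
    """Constructed sample: identifiers, UUIDs and requirement string are made up."""
    base = {"PayloadType": RULE_TYPE, "PayloadVersion": 1}
    rules = [
        dict(base, PayloadIdentifier="com.example.rule.a",
             PayloadUUID="00000000-0000-0000-0000-00000000000A",
             PayloadDisplayName="Example tool", Expiration=datetime(2020, 1, 1),
             Requirement='anchor apple generic and certificate leaf[subject.OU] = "EXAMPLE123"'),
        dict(base, PayloadIdentifier="com.example.rule.b",
             PayloadUUID="00000000-0000-0000-0000-00000000000B",
             Comment="Build agent", Priority=5, Requirement=b"not a string"),
    ]
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadScope": "System", "PayloadContent": rules,
                           "PayloadIdentifier": "com.example.profile",
                           "PayloadUUID": "00000000-0000-0000-0000-000000000000"})
```

Pass the bytes of a .mobileconfig file and a naive UTC datetime to audit_profile. A signed profile is CMS-wrapped and must be unwrapped before plistlib can parse it.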

Profile Availability

Device Channel: macOS
User Channel: -
Allow Manual Install: macOS
Requires Supervision: -
Requires User Approved MDM: -
Allowed in User Enrollment: -
Allow Multiple Payloads: macOS

See Also

System Policy

object SystemPolicyControl

The payload for configuring the system policy for assessments.

object SystemPolicyKernelExtensions

The payload for configuring the kernel extension policies.

object SystemPolicyManaged

The payload for configuring the Finder's contextual menu to bypass the system policy.