The payload for configuring the system policy.
- macOS 10.8+
This string appears in the System Policy UI. If it's missing,
Payload is entered into this field before the rule is added to the System Policy database.
The expiration date for rules being processed.
The single leaf certificate for the app that should be white listed.
The type of operation.
The rule's priority.
com as the payload type.
This payload allows control over Gatekeeper's system policy rules. The keys and functionality are tightly related to the
spctl command line tool. For more information, see the manual page for
This payload must only exist in a device profile. If the payload is present in a user profile, an error is generated during installation and the profile installation fails.
Allow Manual Install
Requires User Approved MDM
Allowed in User Enrollment
Allow Multiple Payloads