Security policy is structured as a hierarchy whose highest level is the policy that applies to all code running on a given machine. Beneath that is the user level, which is composed of individual policies for the different users on that machine. At the lowest level—the app domain policy level—a host can specify a policy that applies only to the code running within that app domain (see the NGWS Runtime Application Domains specification for more detail on app domains). Machine, user and app domain policy (if set by the host) are considered together so that only those permissions allowed by all are granted to code. In this way, each level of the security policy hierarchy can further restrict the final permission grant, but no one level can cause code to be granted permissions not allowed by the others.
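The following is an added illustration, not code from the NGWS Runtime or its specification: a simplified Python model of how the machine, user and optional app domain levels combine into one grant. The permission names, resource scopes and the `ALL` sentinel are constructed for the example and do not correspond to runtime classes.

```python
from functools import reduce

ALL = object()  # assumed sentinel: permission allowed with no resource restriction

def intersect_scope(a, b):
    """Common scope of one permission as allowed by two policy levels."""
    if a is ALL:
        return b
    if b is ALL:
        return a
    return a & b

def intersect_levels(x, y):
    """Keep only permissions allowed by both levels, narrowed to the shared scope."""
    out = {}
    for name in x.keys() & y.keys():
        scope = intersect_scope(x[name], y[name])
        if scope is ALL or scope:  # an empty shared scope means nothing is granted
            out[name] = scope
    return out

def final_grant(machine, user, app_domain=None):
    """Machine and user levels always apply; app domain only if the host set one."""
    levels = [machine, user]
    if app_domain is not None:
        levels.append(app_domain)
    return reduce(intersect_levels, levels)

# Constructed sample policies (what each level allows for one piece of code).
MACHINE = {"FileRead": {"C:/data", "C:/logs"}, "UI": ALL, "Network": {"intranet"}}
USER = {"FileRead": {"C:/data"}, "UI": ALL, "Registry": ALL}
APP_DOMAIN = {"FileRead": ALL, "Reflection": ALL}

if __name__ == "__main__":
    # No app domain policy: Network and Registry drop out (each allowed by one level only).
    print(final_grant(MACHINE, USER))
    # Host-set app domain policy removes UI; its Reflection entry grants nothing,
    # because the machine and user levels do not allow it.
    print(final_grant(MACHINE, USER, APP_DOMAIN))
```
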
Each policy in the security policy is a code group hierarchy as described in the following section.