NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Attributes

Code groups can have the following attributes, which affect how allowed permission sets are determined:

Exclusive: If code is a member of a code group that is marked Exclusive, the allowed permission set for the policy level will be the permission set associated with that code group. When all policy levels are taken into account, the code will never be allowed more permissions than those associated with the Exclusive code group. Within a given policy level, code can be a member of no more than one code group that has the Exclusive attribute.

Level Final: No policy levels below the one containing this code group are considered when checking code group membership and granting permissions; machine policy is the highest level of policy, followed by user policy, then application domain policy. For example, if the LevelFinal attribute is set for a code group in machine policy and some code matches the membership condition of this code group, neither the user level policy nor the application domain policy would be applied to that code.

A code group can be marked with both the Exclusive and LevelFinal attributes.