search

Policy: File Access Allow Policy for Cursor

This example shows a File Access policy that explicitly allows file access for a specific application (Cursor) on targeted endpoints. It’s useful for demonstrating how to ensure a trusted developer tool keeps working when other File Access policies might otherwise block or require approval.

hashtag
What This Policy Does

  • Applies a File Access rule in enforce mode.

  • Targets:

    • Any user (*)

    • A specific application (one App ID, representing Cursor)

    • One specific endpoint (one Machine ID)

  • On a match, it applies an ALLOW control.

  • Does not require the user to acknowledge the notification.

hashtag
Why It Behaves This Way

  • Application-Scoped Allowlist: Because the application targeting is a single App ID (not *), only Cursor (as identified by that App ID) is covered.

  • Broad User Scope: The wildcard user targeting means any user on the targeted endpoint can benefit from the allow rule.

  • Enforced Allow: The policy is set to enforce and the success control is ALLOW, so matching activity is permitted.

  • Standard Checks With No Extra Constraints: Date/Time/Day/Certificate restrictions are empty, so the behavior mainly depends on whether the user, machine, and application match.

hashtag
What The User Experiences

  • When users run Cursor on an in-scope endpoint, they should not see blocks or approval prompts caused by File Access restrictions—because this policy explicitly allows it (assuming your policy precedence/conflict handling permits the allow to take effect).

  • The policy includes a notification message, but acknowledgement is not required, so it should not interrupt the workflow.

hashtag
Important Notes And Common Adjustments

  • Fix The Notification Message: The current notification text references “monitor mode” and mentions MFA/justification/request to run as administrator, but this is a File Access policy that is enforced and applies ALLOW. Update or remove the message so it accurately reflects what the policy does.

  • Narrow The User Scope If Needed: Replace * with specific users/groups if Cursor should only be allowed for a subset of users.

  • Add Certificate Constraints For Higher Assurance: If supported in your environment, restrict the allow rule to a known signer/publisher or certificate hash so only trusted builds are permitted.

  • Consider File-Path Scoping: If the goal is to allow Cursor only for certain folders or file types, add folder/file pattern constraints rather than allowing broadly for the app.

hashtag
Example JSON

PreviousPolicy: File Access Allow Policy for pgAdminNextPolicy: File Access Allow Policy for Visual Studio Code

Last updated

Was this helpful?