# Advanced Policy Types

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FuUgibsmscU2RQ1pmltjC%2Fimage.png?alt=media&#x26;token=b2bd909d-42b1-43d4-90c4-d0b739ec7799" alt=""><figcaption></figcaption></figure>

The **Advanced Mode** in the Policy form lets you view and edit the **raw JSON** for a policy. Use it when you need to configure settings that aren’t exposed in the standard form fields, or when you need to set a policy’s underlying `PolicyType` directly.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FQ9AjyzTwmx0E4QLlj9YM%2Fimage.png?alt=media&#x26;token=b38cd694-06cc-42a0-b2ca-25a270c37b42" alt=""><figcaption></figcaption></figure>

### When to use Advanced Mode

Use the Advanced Mode when you need to:

* Set a policy to a type that isn’t selectable in the UI (for example: `SettingsUpdate`, `JobUpdate`, `HttpAccess`, `Custom`)
* Provide structured configuration payloads (for example: a JSON string used by the endpoint processor)
* Add or modify fields that are not available in the standard policy editor

### What you’ll see in the JSON

While the exact structure can vary by policy type and platform, the JSON typically includes:

* **Policy metadata**
  * Name, description, and identifiers
* **Targeting**
  * The users, machines, applications, platforms, or collections that the policy applies to
* **Policy type**
  * A `PolicyType` field that identifies how the agent evaluates the policy
* **Policy configuration**
  * One or more objects containing the settings for that policy type (commonly an `Extension` object for configuration-driven policy types)

### How changes in JSON affect the policy

Edits in the Advanced Mode can:

* Change how the policy is interpreted by endpoints (for example, changing `PolicyType`)
* Add configuration that endpoints require for enforcement or processing
* Override or replace values configured in the standard UI fields (depending on the policy)

Because the JSON is authoritative, it’s important to treat it like a configuration file: small mistakes can prevent a policy from applying as expected.

### Step-by-step: Using the Advanced Mode safely

1. Create a policy using any available policy type in the standard UI (this provides a valid baseline structure).
2. Configure **Targeting** in the UI first (collections/users/machines/apps/platforms).
3. Open the **Advanced** tab.
4. Copy the full JSON and save it somewhere safe (so you can revert if needed).
5. Make the smallest change required:
   * Set `PolicyType` to the desired value
   * Add or update the required configuration object(s) (for example, `Extension`)
6. Save the policy.
7. Validate behavior on a small test scope before rolling out broadly.

### Common Advanced Mode use cases

#### Update Settings (SettingsUpdate)

Used to push plugin or agent configuration to endpoints. Common pattern:

* Set `PolicyType` to `"SettingsUpdate"`
* Provide an `Extension` that identifies what to update and includes a full JSON payload to write

Read more about the Update Settings Policy Type [here](https://docs.keeper.io/en/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/update-settings-policy-type).

#### Update Jobs (JobUpdate)

Used to add/update/delete job JSON on endpoints. Common pattern:

* Set `PolicyType` to `"JobUpdate"`
* Provide an `Extension` with `JobId`, `Action`, and (for add/update) a full `JobJson` payload

Read more about the Update Jobs Policy Type [here](https://docs.keeper.io/en/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/update-jobs-policy-type).

#### HTTP Access (HttpAccess)

Used to evaluate and enforce outbound web access rules. Common pattern:

* Set `PolicyType` to `"HttpAccess"`
* Provide URL matching rules and any associated allow/deny behavior fields required by your implementation

Read more about the HTTP Access Policy Type [here](https://docs.keeper.io/en/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/http-access-policy-type).

#### Custom (Custom)

Used for specialized internal workflows or integrations. Common pattern:

* Set `PolicyType` to `"Custom"`
* Add custom fields required by the consuming component

Read more about the Custom Policy Type [here](https://docs.keeper.io/en/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/custom-policy-type).

### Tips and troubleshooting

#### Keep targeting in the UI when possible

Use the standard editor for targeting whenever it’s available. Then use JSON edits only for the extra fields you need.

#### Validate JSON formatting

A missing quote, bracket, or comma can prevent the policy from saving or being processed correctly. If a save fails, revert to the last known-good JSON and re-apply changes one at a time.
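
The following pre-save check is an added example, not part of the product or its documentation. It compares the JSON saved in step 4 of the procedure with the edited JSON, rejects malformed input and duplicate keys, and lists any changed path outside `PolicyType` and `Extension`. The `PolicyName` and `Targeting` key names and all sample values are constructed placeholders; the real structure varies by policy type.

```python
import json

# Top-level keys the procedure says an Advanced Mode edit should touch.
EXPECTED_KEYS = {"PolicyType", "Extension"}
_MISSING = object()

def _no_duplicates(pairs):
    """Reject objects that repeat a key; json.loads would silently keep the last one."""
    keys = [k for k, _ in pairs]
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    if dupes:
        raise ValueError(f"duplicate key(s) in JSON object: {dupes}")
    return dict(pairs)

def _flatten(value, prefix=""):
    """Map every leaf (and empty container) to a dotted path."""
    if isinstance(value, dict) and value:
        items = value.items()
    elif isinstance(value, list) and value:
        items = enumerate(value)
    else:
        return {prefix: value}
    out = {}
    for key, child in items:
        out.update(_flatten(child, f"{prefix}.{key}" if prefix else str(key)))
    return out

def review_edit(baseline_text, edited_text):
    """Return (expected, unexpected) changed paths; raise ValueError on bad JSON."""
    old = _flatten(json.loads(baseline_text, object_pairs_hook=_no_duplicates))
    new = _flatten(json.loads(edited_text, object_pairs_hook=_no_duplicates))
    changed = sorted(p for p in old.keys() | new.keys()
                     if old.get(p, _MISSING) != new.get(p, _MISSING))
    expected = [p for p in changed if p.split(".")[0] in EXPECTED_KEYS]
    return expected, [p for p in changed if p not in expected]

# Constructed sample: "PolicyName", "Targeting" and all values are placeholders.
BASELINE = json.dumps({"PolicyName": "demo", "PolicyType": "BaselineType",
                       "Targeting": {"Collections": ["test-collection"]}})
EDITED = json.dumps({"PolicyName": "demo", "PolicyType": "JobUpdate",
                     "Targeting": {"Collections": ["all-machines"]},
                     "Extension": {"JobId": "demo-job", "Action": "Update",
                                   "JobJson": "{\"placeholder\": true}"}})

if __name__ == "__main__":
    ok, suspect = review_edit(BASELINE, EDITED)
    print("intended changes:", ok)
    print("review before saving:", suspect)
```

In the sample, the targeting change from a test collection to a broad one is reported separately from the intended `PolicyType` and `Extension` edits, which is the kind of accidental scope change worth catching before saving.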

#### Prefer small rollouts first

When changing `PolicyType` or adding new JSON keys, start with a small test collection before applying it broadly.

#### Document internal schemas for customers

If a policy type relies on a specific JSON schema (especially `Custom`), consider publishing:

* Required keys and allowed values
* A copy/paste example payload
* How customers verify success (logs, audit events, endpoint behavior)
