# Advanced Policy Types

<figure><img src="/files/L5O6dX6A7R87qCYdSoU7" alt=""><figcaption></figcaption></figure>

The **Advanced** **Mode** in the Policy form lets you view and edit the **raw JSON** for a policy. This is used when you need to configure settings that aren’t exposed in the standard form fields, or when you need to set a policy’s underlying `PolicyType` directly.

<figure><img src="/files/eShKQs9cpsD4M0QmWdNu" alt=""><figcaption></figcaption></figure>

## When to use Advanced Mode

Use the Advanced Mode when you need to:

* Set a policy to a type that isn’t selectable in the UI (for example: `SettingsUpdate`, `JobUpdate`, `HttpAccess`, `Custom`)
* Provide structured configuration payloads (for example: a JSON string used by the endpoint processor)
* Add or modify fields that are not available in the standard policy editor

## What you’ll see in the JSON

While the exact structure can vary by policy type and platform, the JSON typically includes:

* **Policy metadata**
  * Name, description, and identifiers
* **Targeting**
  * The users, machines, applications, platforms, or collections that the policy applies to
* **Policy type**
  * A `PolicyType` field that identifies how the agent evaluates the policy
* **Policy configuration**
  * One or more objects containing the settings for that policy type (commonly an `Extension` object for configuration-driven policy types)

## How changes in JSON affect the policy

Edits in the Advanced Mode can:

* Change how the policy is interpreted by endpoints (for example, changing `PolicyType`)
* Add configuration that endpoints require for enforcement or processing
* Override or replace values configured in the standard UI fields (depending on the policy)

Because the JSON is authoritative, it’s important to treat it like a configuration file: small mistakes can prevent a policy from applying as expected.

## Step-by-step: Using the Advanced Mode safely

1. Create a policy using any available policy type in the standard UI (this provides a valid baseline structure).
2. Configure **Targeting** in the UI first (collections/users/machines/apps/platforms).
3. Open the **Advanced** tab.
4. Copy the full JSON and save it somewhere safe (so you can revert if needed).
5. Make the smallest change required:
   * Set `PolicyType` to the desired value
   * Add or update the required configuration object(s) (for example, `Extension`)
6. Save the policy.
7. Validate behavior on a small test scope before rolling out broadly.

## Common Advanced Mode use cases

### Update Settings (SettingsUpdate)

Used to push plugin or agent configuration to endpoints. Common pattern:

* Set `PolicyType` to `"SettingsUpdate"`
* Provide an `Extension` that identifies what to update and includes a full JSON payload to write

Read more about Update Settings Policy Type [Here](/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/update-settings-policy-type.md).

### Update Jobs (JobUpdate)

Used to add/update/delete job JSON on endpoints. Common pattern:

* Set `PolicyType` to `"JobUpdate"`
* Provide an `Extension` with `JobId`, `Action`, and (for add/update) a full `JobJson` payload

Read more about Update Jobs Policy Type [Here](/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/update-jobs-policy-type.md).

### HTTP Access (HttpAccess)

Used to evaluate and enforce outbound web access rules. Common pattern:

* Set `PolicyType` to `"HttpAccess"`
* Provide URL matching rules and any associated allow/deny behavior fields required by your implementation

Read more about HTTP Access Policy Type [Here](/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/http-access-policy-type.md).

### Custom (Custom)

Used for specialized internal workflows or integrations. Common pattern:

* Set `PolicyType` to `"Custom"`
* Add custom fields required by the consuming component

Read more about Custom Policy Type [Here](/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/custom-policy-type.md).

## Tips and Troubleshooting

### Keep targeting in the UI when possible

Use the standard editor for targeting whenever it’s available. Then use JSON edits only for the extra fields you need.

### Validate JSON Formatting

A missing quote, bracket, or comma can prevent the policy from saving or being processed correctly. If a save fails, revert to the last known-good JSON and re-apply changes slowly.

### Prefer Small Rollouts First

When changing `PolicyType` or adding new JSON keys, start with a small test collection before applying it broadly.

### Document Internal Schemas for Customers

If a policy type relies on a specific JSON schema (especially `Custom`), consider publishing:

* Required keys and allowed values
* A copy/paste example payload
* How customers verify success (logs, audit events, endpoint behavior)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.