The payload that configures the kernel extension policies.
| Setting | Type | Required | Default | Manual Install | Supported OS |
|---|---|---|---|---|---|
AllowNonAdminUserApprovals AllowNonAdminUserApprovals If `true`, nonadministrative users can approve additional kernel extensions in the Security & Privacy preferences.
Available in macOS 11 and later. | boolean | optional | false | ✓Yes | macOS (11.0+) |
AllowUserOverrides AllowUserOverrides If `true`, users can approve additional kernel extensions that configuration profiles don't explicitly allow. | boolean | optional | false | ✗No | macOS (10.13.2+) |
AllowedTeamIdentifiers AllowedTeamIdentifiers The array of team identifiers that define which validly signed kernel extensions can load. 1 subkey | array | optional | — | ✗No | macOS (10.13.2+) |
└─ Identifier AllowedTeamIdentifiersItem | string | — | ✗No | macOS (10.13.2+) | |
AllowedKernelExtensions AllowedKernelExtensions The dictionary that represents a set of kernel extensions that the system always allows to load on the computer. The dictionary maps team identifiers (keys) to arrays of bundle identifiers. 1 subkey | dictionary | optional | — | ✗No | macOS (10.13.2+) |
└─ ANY ANY The kernel extension data. 1 subkey | array | optional | — | ✗No | macOS (10.13.2+) |
└─ └─ AllowedKernelExtensionsItems AllowedKernelExtensionsItems Kernel extension data. | string | required | — | ✗No | macOS (10.13.2+) |
