> ## Documentation Index
> Fetch the complete documentation index at: https://docs.goguardian.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Understand Filtering Policies

> What a GoGuardian Admin filtering policy is, how policies are assigned and inherited across organizational units, how precedence and Restrictive Mode affect conflicts, and how to import and export policy CSVs.

A policy is a collection of web filtering rules that you apply to groups of users through organizational units (OUs). Policies are the main unit of control in GoGuardian Admin.

Each policy contains four sections:

* A **Website URLs** section that filters websites and URLs directly.
* A **Website Categories** section that filters websites by category.
* A **YouTube** content filter.
* A **Chrome Apps & Extensions** filter.

## Assign Policies to Organizational Units

You apply a policy by assigning it to an organizational unit on the [Filtering → Policies page](https://admin.goguardian.com/policy/assign/in-school). A policy applied to a parent OU is automatically inherited by all of its sub-OUs.

<img src="https://mintcdn.com/goguardian/ycO0mbOgXcLhmT-j/images/screenshots/filtering-policies/step-01.png?fit=max&auto=format&n=ycO0mbOgXcLhmT-j&q=85&s=c015f7456b961856372d3c0fd18b1fda" alt="Assign Policies to Organizational Units" width="2928" height="1602" data-path="images/screenshots/filtering-policies/step-01.png" />

## Review Permission Requirements

Applying or editing a policy requires **Filter & Monitor** or **Full Access** permissions in GoGuardian Admin. Users with **Monitor Only** can view which policies are assigned and their contents, but cannot edit or assign them.

<Note>
  If a user sees an uneditable, greyed-out policy, the policy is applied to an org unit that the user does not have Admin OU access to. Super Users can edit user account permissions to update access and permission levels. See [User Roles, Permissions, and OU Access](/products/org-management/user-roles-and-permissions).
</Note>

<img src="https://mintcdn.com/goguardian/ycO0mbOgXcLhmT-j/images/screenshots/filtering-policies/step-02.png?fit=max&auto=format&n=ycO0mbOgXcLhmT-j&q=85&s=672759a5eb4c94f441a71f79af7b7913" alt="Review Permission Requirements" width="480" height="134" data-path="images/screenshots/filtering-policies/step-02.png" />

## Understand Policy Inheritance

When a policy is applied to an OU, all of its sub-OUs inherit the policy. For example, a policy assigned to the top (domain) level OU filters every user in your organization.

Policy inheritance cannot be disabled, but you can overwrite inherited rules by adding specific allow or block rules to the **Website URLs** section of a locally applied (Assigned) policy. When rules conflict, Assigned policies take precedence over inherited policies.

**Example:** if an inherited default policy allows `amazon.com`, but a policy assigned to the "5th grade" OU blocks the E-commerce category, `amazon.com` is blocked for users in the 5th grade OU despite the inherited allow rule.

GoGuardian recommends stacking as few policies as possible — ideally no more than two. In a typical structure:

* **Policy A** is applied at the root/domain level with baseline rules appropriate for all students.
* **Policy B** is applied at the High School OU; freshmen, sophomores, juniors, and seniors all inherit it.
* **Policy C** is applied to the Freshman OU; only students in that OU receive its rules.

<img src="https://mintcdn.com/goguardian/ycO0mbOgXcLhmT-j/images/screenshots/filtering-policies/step-03.png?fit=max&auto=format&n=ycO0mbOgXcLhmT-j&q=85&s=73627d429f12ce82e9b022f0ad713930" alt="Flow chart of different Policies assigned to OUs" width="1639" height="759" data-path="images/screenshots/filtering-policies/step-03.png" />

## Review Policy Precedence and Priority

When multiple policies are inherited from different levels, they effectively merge and have equal priority, and a locally Assigned policy takes precedence over them:

`Policy A = Policy B < Policy C`

For example, if the Freshman OU has Policy A and Policy B inherited from its parent OUs ("High School" and "District.org") plus an Assigned Policy C, then when rules conflict, Policy C takes precedence because it is the Assigned policy. In the product, Assigned and Inherited policies are labeled so you can distinguish them.

<img src="https://mintcdn.com/goguardian/ycO0mbOgXcLhmT-j/images/screenshots/filtering-policies/step-04.png?fit=max&auto=format&n=ycO0mbOgXcLhmT-j&q=85&s=5747baffbaded6aaff6a7d4b695c618d" alt="Freshman OU having three Policies assigned" width="1639" height="86" data-path="images/screenshots/filtering-policies/step-04.png" />

<img src="https://mintcdn.com/goguardian/ycO0mbOgXcLhmT-j/images/screenshots/filtering-policies/step-05.png?fit=max&auto=format&n=ycO0mbOgXcLhmT-j&q=85&s=ab95f60d4713b9a1fb353cae77f5c57c" alt="GoGuardian Admin Policies demonstrating an &#x22;assigned&#x22; and &#x22;inherited&#x22; Policy" width="2066" height="950" data-path="images/screenshots/filtering-policies/step-05.png" />

## Understand Restrictive Mode

Enabling Restrictive Mode in a policy blocks **all** websites and URLs except those explicitly allowed in the **Website URLs** section.

If an Assigned policy has Restrictive Mode enabled, its priority is reduced to equal that of an inherited policy. Websites explicitly allowed in any other inherited policy remain allowed for that OU even if the Assigned policy has a conflicting block rule.

<Note>
  This is the only exception to Assigned policies carrying higher priority than inherited policies. It prevents an Assigned policy with Restrictive Mode from effectively ignoring all other policies applied to that org unit.
</Note>

<img src="https://mintcdn.com/goguardian/ycO0mbOgXcLhmT-j/images/screenshots/filtering-policies/step-06.png?fit=max&auto=format&n=ycO0mbOgXcLhmT-j&q=85&s=42b4f820d2d36db93be4bd3e8817bf88" alt="Policy showing Restrictive Mode toggled on under Website URLs" width="2920" height="1458" data-path="images/screenshots/filtering-policies/step-06.png" />

## Import and Export Policy CSVs

**Export a CSV.** Export any policy to a CSV with the **Export as CSV** option on a policy page. The export contains all blocked and allowed Website URL rules in the policy, but does **not** include Website Category, YouTube, or Apps & Extensions settings.

**Import a CSV.** Upload a CSV to any policy to bulk-add blocked and allowed Website URL rules and YouTube videos. Click the kebab (three-dot) menu on the right side of the policy and choose **Import URLs or Videos**. Follow the CSV import requirements for blocked and allowed sites when preparing your file.

<img src="https://mintcdn.com/goguardian/ycO0mbOgXcLhmT-j/images/screenshots/filtering-policies/step-07.png?fit=max&auto=format&n=ycO0mbOgXcLhmT-j&q=85&s=a20d652e107a421b246cbeceb6b48438" alt="Import and Export Policy CSVs" width="2164" height="1130" data-path="images/screenshots/filtering-policies/step-07.png" />

<img src="https://mintcdn.com/goguardian/ycO0mbOgXcLhmT-j/images/screenshots/filtering-policies/step-08.png?fit=max&auto=format&n=ycO0mbOgXcLhmT-j&q=85&s=1b1e3ca0e7f9f2d3c9ade3cf00a60cf2" alt="Import and Export Policy CSVs" width="1646" height="718" data-path="images/screenshots/filtering-policies/step-08.png" />

## Resources

<CardGroup cols={2}>
  <Card title="Create a Filtering Policy" href="/products/admin/create-a-filtering-policy">
    Use this workflow when you need a new policy instead of a quick exception.
  </Card>

  <Card title="Block and Allow Websites" href="/products/admin/block-and-allow-websites">
    Add allow and block rules to a policy's Website URLs section.
  </Card>

  <Card title="Configure YouTube Filtering" href="/products/admin/youtube-filtering">
    Filter YouTube channels, videos, keywords, and playback behavior.
  </Card>

  <Card title="A Site Is Blocked Unexpectedly" href="/products/admin/site-blocked-unexpectedly">
    Start here when the observed result does not match the policy you expected.
  </Card>
</CardGroup>
