I think Apple has the best sandbox UX. By default sandboxed apps have access to zero of your files. It can’t even see they exist. It’s only granted access to any file/directory the user manually selects through a system UI - opening through file type associations, the open/save dialogs, or drag & drop. This means that access is given seamlessly, there aren’t any prompts, and the user doesn’t even realize there’s a sandbox. If the program wants to manage a project, just have the user select the folder and all the sub-contents are also granted.
I think Apple has the best sandbox UX. By default sandboxed apps have access to zero of your files. It can’t even see they exist. It’s only granted access to any file/directory the user manually selects through a system UI - opening through file type associations, the open/save dialogs, or drag & drop. This means that access is given seamlessly, there aren’t any prompts, and the user doesn’t even realize there’s a sandbox. If the program wants to manage a project, just have the user select the folder and all the sub-contents are also granted.