Move generate policy
I would recommend to move the step of generating policy
# usbguard generate-policy > /etc/usbguard/rules.conf to the install or configuration section, like in the Red Hat Documentation: Using USBGuard, since this step is mandatory. Also the default
PresentDevicePolicy is to
apply-policy so if the you haven't generated rules the present devices will be blocked.
IPCAllowedGroups are marked as deprecated/legacy on the USBGuard documentation. It should be used
# usbguard add-user <NAME> [OPTIONS] throw the cli.