Privileged Access to techs

Question

What is the optimal or preferred way to grant access to others who do not need full admin priveleges.

For example, they don't need to:

upload: packages, scripts, icons
modify: policies, profiles, smart groups, self-service etc
make any additional changes to the infrastructure or computers

What we would like them to be able to do:

Find computers for their building or support group
View FileVault keys for their computers (not all users computers)
Sign in to self-service to run tools designated to techs.

Sites may not be the ideal method and may complicate things if I'm understanding sites correctly, we have all of our companies buildings in Jamf (many across the globe) so perhaps referencing that.

sdagley · Answer

@walt If you're using AD you can create a group in AD containing your techs, then in the JSS prefs panel &#034;Jamf Pro User Accounts & Groups&#034; you can create a new Jamf Pro user group from that AD group using the Add LDAP Group option. Use Privilege Set->Custom to set exactly what privileges you want them to have.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded