Skip to main content
Solved

Question about creating PPPC profile for full disk access

  • July 24, 2025
  • 2 replies
  • 178 views

Forum|alt.badge.img+5

Hello all,

I created a PPPC config profile to grant OneDrive full disk access.  Jamf Pro says the config profile is successfully installed on my test Mac, but when I check Privacy & Security → Full Disk Access it shows that OneDrive does not have full disk access.  Is it normal for this change not to reflect in settings or am I missing something/doing something wrong?  

For clarification I have made the config profile directly in Jamf Pro and using the Jamf PPPC utility and uploading the config profile into Jamf Pro afterwards.

 

Thanks!

Best answer by naschenbrenner

When explicitly allowing Full Disk Access to an application you won’t see it reflected in System Settings. You can check that it’s working by enabling Full Disk Access for your terminal and then running the command:

sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db \
'select client from access where auth_value and service = "kTCCServiceSystemPolicyAllFiles"'

This will list all app identifiers that have Full Disk Access. This command won't work if terminal doesn’t have Full Disk Access itself, so just keep that in mind. 

2 replies

naschenbrenner
Forum|alt.badge.img+10
  • Contributor
  • Answer
  • July 24, 2025

When explicitly allowing Full Disk Access to an application you won’t see it reflected in System Settings. You can check that it’s working by enabling Full Disk Access for your terminal and then running the command:

sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db \
'select client from access where auth_value and service = "kTCCServiceSystemPolicyAllFiles"'

This will list all app identifiers that have Full Disk Access. This command won't work if terminal doesn’t have Full Disk Access itself, so just keep that in mind. 


Forum|alt.badge.img+5
  • Author
  • Contributor
  • July 24, 2025

When explicitly allowing Full Disk Access to an application you won’t see it reflected in System Settings. You can check that it’s working by enabling Full Disk Access for your terminal and then running the command:

sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db \
'select client from access where auth_value and service = "kTCCServiceSystemPolicyAllFiles"'

This will list all app identifiers that have Full Disk Access. This command won't work if terminal doesn’t have Full Disk Access itself, so just keep that in mind. 

This is exactly what I was looking for.  Thanks!