Privilege escalation troubles

AndrewWilliamso
New Contributor III

I'm currently testing JamfConnect in preparation for deploying across my organisation (approx 50 devices).

I'm having issues with the privilege escalation component in particular.

  • User starts the workflow as a Standard (non-admin) user. User cannot execute sudo jamf recon and receives the error message "Sorry, user test.x.user is not allowed to execute '/usr/local/bin/jamf recon' as root on <hostname>". This is expected, as the user is still a standard non-admin user.
  • User requests privilege elevation via the Jamf Connect menu bar. User authenticates with Jamf Connect and provides a justification/rationale for elevation. User is now an Admin user in System Settings > Users and Groups, and the menu bar shows that the user has 10 mins of elevated privileges.
  • User attempts again to execute sudo jamf recon, but still receives the same error message, as if they have no administrator privileges.
  • User ends the privilege elevation session; they are then bumped back down to a Standard user according to the Users & Groups settings menu.

My MenuBar config profile contains the following:

<key>TemporaryUserPermissions</key>
<dict>
	<key>TemporaryUserPromotion</key>
	<true/>
	<key>UserPromotionBiometrics</key>
	<true/>
	<key>UserPromotionDuration</key>
	<integer>10</integer>
	<key>UserPromotionReason</key>
	<true/>
	<key>VerifyUserPromotion</key>
	<true/>
</dict>

Any thoughts on what may be occurring here? It seems really strange that the Users & Groups system settings menu reflects the user's elevated permissions, but in reality the user does not actually get those elevated permissions...

Thanks!

Andrew
