Jamf Nation Community

tcandela · ‎01-24-2015

How do I add CASPER ADMIN for a site administrator? I want to allow them access to it so they can upload pkg/dmg's, create configurations for their site and also see what currently is available.

it has RECON, IMAGING, and CASPER REMOTE, but NOT CASPER ADMIN .

thanks

rderewianko · ‎01-24-2015

This can be done by going to:
Management Settings -> System Settings -> Users and groups, selecting a user and giving them Casper Admin privileges. They'll also need permissions to add packages through JSS objects.

tcandela · ‎01-26-2015

The user has administrator privilege to the site, but there is no area to add CASPER ADMIN to the users privileges.
All I see for this user account is
-- jss objects
-- jss actiona
-- recon
-- Casper remote
-- Casper imaging

There is no place that I see to add CASPER ADMIN for this user

calumhunter · ‎01-26-2015

as far as i am aware this is correct. only a full admin can access casper admin.

tcandela · ‎01-26-2015

the user i am trying to give access to CASPER ADMIN is an administrator of his site. not sure why casper admin is not available

Report Inappropriate Content · ‎01-26-2015

Sites is a fairly new feature in Casper and it's only been around since version 9.x, so there are some things that don't work as expected in that regard. I would surely recommend adding a feature request for this. That being said, there are a few ways to resolve this. One way is to setup a JDS so that the site admin can upload packages from the browser and doesn't have to bother with the Casper Admin app. Unfortunately, u can't upload shell scripts (unless u zip them up beforehand) using the JDS, so there's that as a limiting factor. The other way is to create a group granting it Casper Admin permissions and have your Site Admin be a member of that group. That should allow him to manage his/her site and use Casper Admin.

calumhunter · ‎01-26-2015

A site admin is not the same as a full admin.
Site admins do not have access to Casper Admin, this is by design in the current version of casper suite.
The Casper Admin application is Global and effects all sites, so a site admin does not and should not have access to casper admin as they would then have access to packages that belong to other sites for example. I would like to see casper admin have the ability to only show packages for that site, but there is a fair bit of under the hood work to get to that point. Not to mention the fact that you still can't use casper admin on more than one machine at a time. So really we need to get rid of the casper admin app and go full web app with multiuser functionality or something similar

already FR's for this
https://jamfnation.jamfsoftware.com/featureRequest.html?id=1794

https://jamfnation.jamfsoftware.com/featureRequest.html?id=1352

tcandela · ‎01-27-2015

hey SHAIDAR - looks like Jamf has that covered, you cannot create a group that would give a site admin access to casper admin.

Report Inappropriate Content · ‎01-28-2015

You have one ldap group (Group A) that has access to Casper Admin.
You have another ldap group (Group B) that has site access.
You have Group B be a member of Group A.

Report Inappropriate Content · ‎03-04-2015

After a bit of testing, the best approach to provide Site Admins access to Casper Admin is the following:

Group A -> Site Access with custom privileges (since it's site access, Casper Admin isn't even part of the privileges tab)
Group B -> Full Access with custom privileges - Only add Casper Admin privileges and it'll automatically add the needed privileges under JSS Objects.

Make Group A and all other site admin groups members of Group B.

tcandela · ‎03-05-2015

I'll test this this weekend

matt4836 · ‎03-18-2015

I can confirm this is the method. However in 9.65 there is a defect about creating Standard Groups. You can not add any members to them. The work around is to use LDAP groups.

You can ONLY concatenate permissions with groups. Having an LDAP user and LDAP group does NOT work.

Create a group: LDAP_Casper_Admin_Access
Site Access: Full Access
Permissions: Custom
Casper Admin > All
If you need enable Disk Encryption Settings in the JSS Objects tab.

Create another group: LDAP_Casper_SITENAME_Acess
Site Access: Site in questions
Permissions: Administrator

If the user is in both groups, when they log into the JSS they will see the site drop down next to users in the top navigation bar. When in "Full JSS" They will be able to go to Computer Management and use the Packages, Scripts and other functions. They can also use Casper Admin. They will only have access to the Computers, policies and other objects assigned to that site.

mazarothit · ‎03-27-2015

Hi Matt4836,

How do you accomplish having an LDAP group WITHOUT having an LDAP user?

I have the 2 groups as instructed and the user is a member of both groups.

When the user exists as an LDAP user in the JSS users he can log into our JSS
When the user does not exist an an LDAP user in the JSS, but IS a member of the groups he is unable to login.

matt4836 · ‎03-27-2015

Sounds like your group membership mapping is off. If you test your ldap connection does it say the user is a me member of the group?

Jamf Nation Community

ADD casper admin for Site administrator