Allow Standard users to change Network, Power/Battery, Privacy/Security, and Printing settings?

New Contributor III

I'd like to find a way to allow users to change the following things, either without a password or using their own, instead of needing admin rights.

  • Power settings, like how long before turning off the display on battery or power adapter
  • Network settings, like changing wi-fi networks Auto-Join setting
  • Printing settings, like updating Options and Supplies (this only started asking for an admin password since I think Ventura)
  • Privacy and Security, like adding an app to Accessibility.

Does anybody know a good way to do this? I wish the config profiles were a bit more like GPOs in this regard because I suspect I need a script instead of a checkbox.




This sort of thing can be achieved by manipulating the SQL database stored at:


However the is not the recommended way to do this. The proper and supported way is to use the security authorization command and switches.

Hope that helps.



@mschlosser wrote:

The proper and supported way is to use the security authorization command and switches.

Can you expand on this? Or do you just mean using admin credentials when clicking the padlock on the settings pages?

more info is available here:


Also man security is a decent read in terminal.


I've got a script going, but at least in Sonoma and Ventura, none of it seems to be taking effect. Anything I'm missing here, or are things just broken in the newer OSes?


#system preferences
security authorizationdb write authenticate-session-owner-or-admin
security authorizationdb write system.preferences.accessibility authenticate-session-owner-or-admin
security authorizationdb write system.preferences.energysaver allow
security authorizationdb write system.preferences.printing allow
security authorizationdb write system.preferences.datetime authenticate-session-owner-or-admin

security authorizationdb write system.printingmanager allow
security authorizationdb write system.print.admin allow
security authorizationdb write system.print.operator allow

#potential force restart and shutdown if other users logged in
security authorizationdb write system.restart allow
security authorizationdb write system.shutdown allow

exit 0

I'm using something like this 

/usr/bin/security authorizationdb write allow