Allowing access to System Preferences > Security -> Privacy

bpavlov
Honored Contributor

I am looking to allow non-admins to be able to access System Preferences > Security -> Privacy. I'd even settle for just System Preferences > Security.

I've tried the following in OS X 10.10

security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.security allow

Also tried:

security authorizationdb write system.preferences allow
security authorizationdb read system.preferences.security > /path/to/test.plist
default write /path/to/test.plist shared -bool true
security authorizationdb write system.preferences.security < /path/to/test.plist

I also did a dump of the entire sqlite3 db to a text file using:

sqlite3 /var/db/auth.db .dump > /path/to/auth.txt

But I'm not finding anything else that seems relevant.

I've read the post by @rtrouton :
https://derflounder.wordpress.com/2014/02/16/managing-the-authorization-database-in-os-x-mavericks/

And checked out this very well compiled list here of : http://www.dssw.co.uk/reference/authorization-rights/index.html

I'm missing something, just not sure what it is.

EDIT: Fixed a typo.

7 REPLIES 7

bpavlov
Honored Contributor

Still testing and I'll see how granular I can get, but this seems to do it:

security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.security allow
security authorizationdb write com.apple.DiskManagement.reserverKEK allow
security authorizationdb write com.system.services.directory.configure allow

Only happened to notice this because I read the authentication prompt and after the first two commands it was looking to modify an encrypted disk which then led me to google a bit further as there were a few disk-related options. Eventually ran into this article which explained a bit more: http://hints.macworld.com/article.php?story=2011081907185974

Aziz
Valued Contributor

@bpavlov Did you ever get this working?

I've tried the following without success.

security authorizationdb write system.preferences.SecurityPrivacy allow
security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.security allow
security authorizationdb write com.apple.DiskManagement.reserverKEK allow
security authorizationdb write com.system.services.directory.configure allow

bpavlov
Honored Contributor

@Abdiaziz That's as far as I got unfortunately. I did ask on another mailing list when I was looking at this and Richard Glaser pointed me here:
https://github.com/univ-of-utah-marriott-library-apple/privacy_services_manager
However I had other urgent things to tend to. I've been meaning to get back to it but it isn't a priority.

Aziz
Valued Contributor

Thanks @bpavlov, I'll try this out when I get the chance and report back.

Aziz
Valued Contributor

@bpavlov

Privacy Services Manager worked! It gave me the option to add applications to "Accessibly".

https://github.com/univ-of-utah-marriott-library-apple/privacy_services_manager

Example:

sudo /usr/local/bin/privacy_services_manager.py add accessibility Read&Write Gold

For some reason, I get an error when adding Maps to the Location Services. Gotta look into that.

normanchan
New Contributor II

@bpavlov @Aziz

Sorry to bump an old thread but I was wondering if either of you have found a way to leverage security authorizationdb to allow non-admin accounts the ability to view Security & Privacy > Privacy.

I'm trying to avoid implementing Privacy Services Manager if there's a more native way to do so.

Thanks in advance!

jimmy-swings
Contributor II

Hi @normanchan @bpavlov @Aziz - any luck in this space?