Skip to main content
Question

Allowing access to System Preferences > Security -> Privacy

  • June 3, 2015
  • 7 replies
  • 125 views
bpavlov
Forum|alt.badge.img+18

I am looking to allow non-admins to be able to access System Preferences > Security -> Privacy. I'd even settle for just System Preferences > Security.

I've tried the following in OS X 10.10

security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.security allow

Also tried:

security authorizationdb write system.preferences allow
security authorizationdb read system.preferences.security > /path/to/test.plist
default write /path/to/test.plist shared -bool true
security authorizationdb write system.preferences.security < /path/to/test.plist

I also did a dump of the entire sqlite3 db to a text file using:

sqlite3 /var/db/auth.db .dump > /path/to/auth.txt

But I'm not finding anything else that seems relevant.

I've read the post by @rtrouton :
https://derflounder.wordpress.com/2014/02/16/managing-the-authorization-database-in-os-x-mavericks/

And checked out this very well compiled list here of : http://www.dssw.co.uk/reference/authorization-rights/index.html

I'm missing something, just not sure what it is.

EDIT: Fixed a typo.

      7 replies

      bpavlov
      Forum|alt.badge.img+18
      • bpavlov
      • Author
      • Esteemed Contributor
      • June 4, 2015

      Still testing and I'll see how granular I can get, but this seems to do it:

      security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.security allow
security authorizationdb write com.apple.DiskManagement.reserverKEK allow
security authorizationdb write com.system.services.directory.configure allow

      Only happened to notice this because I read the authentication prompt and after the first two commands it was looking to modify an encrypted disk which then led me to google a bit further as there were a few disk-related options. Eventually ran into this article which explained a bit more: http://hints.macworld.com/article.php?story=2011081907185974

      A
      Forum|alt.badge.img+14
      • Aziz
      • Contributor
      • September 30, 2015

      @bpavlov Did you ever get this working?

      I've tried the following without success.

      security authorizationdb write system.preferences.SecurityPrivacy allow
security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.security allow
security authorizationdb write com.apple.DiskManagement.reserverKEK allow
security authorizationdb write com.system.services.directory.configure allow
      bpavlov
      Forum|alt.badge.img+18
      • bpavlov
      • Author
      • Esteemed Contributor
      • October 1, 2015

      @Abdiaziz That's as far as I got unfortunately. I did ask on another mailing list when I was looking at this and Richard Glaser pointed me here:
      https://github.com/univ-of-utah-marriott-library-apple/privacy_services_manager
      However I had other urgent things to tend to. I've been meaning to get back to it but it isn't a priority.

      A
      Forum|alt.badge.img+14
      • Aziz
      • Contributor
      • October 1, 2015

      Thanks @bpavlov, I'll try this out when I get the chance and report back.

      A
      Forum|alt.badge.img+14
      • Aziz
      • Contributor
      • October 6, 2015

      @bpavlov

      Privacy Services Manager worked! It gave me the option to add applications to "Accessibly".

      https://github.com/univ-of-utah-marriott-library-apple/privacy_services_manager

      Example:

      sudo /usr/local/bin/privacy_services_manager.py add accessibility Read&Write Gold

      For some reason, I get an error when adding Maps to the Location Services. Gotta look into that.

      N
      Forum|alt.badge.img+2
      • normanchan
      • New Contributor
      • January 11, 2017

      @bpavlov @Aziz

      Sorry to bump an old thread but I was wondering if either of you have found a way to leverage security authorizationdb to allow non-admin accounts the ability to view Security & Privacy > Privacy.

      I'm trying to avoid implementing Privacy Services Manager if there's a more native way to do so.

      Thanks in advance!

      J
      Forum|alt.badge.img+8
      • jimmy-swings
      • Valued Contributor
      • March 5, 2018

      Hi @normanchan @bpavlov @Aziz - any luck in this space?

      Terms & ConditionsCookie settingsAccessibility statement