Assign policy to multiple sites

dmw3
Contributor III

How can a policy be assigned to more than one site?

I can either select a single site or none, what if I need the policy across more than one site?

8 REPLIES

andrew_stenehje
Contributor

I'm thinking this isn't currently possible and that you'd have to clone policies and assign them to multiple sites, which isn't ideal for all purposes. Might be a good feature request if it's not currently possible.

mm2270
Legendary Contributor III

It's true you can only choose a single site for a policy. I also see this as a strange limitation, but in some cases there's a simple workaround.
If you created all your Sites from your Buildings when you first added Sites, you can simply go into Scope, click +Add, then click on the Buildings tab and all your Buildings will be there with "Add" buttons next to each. Select the ones you want as the Scope targets. So in essence, if your Sites are only created from buildings, it's possible to do this in a roundabout way.

However, if you manually create Sites and add Macs into them, you may be SOL on that front. Possibly a Feature Request to add Sites into the Scope Limitations tab. That should achieve a similar effect.

dmw3
Contributor III

I must be getting confused. What is the actual purpose of "sites"?

You cannot assign a "Building", "Network Segment" or "Department" to a "Site". You can assign users to a "Site", permission restrictions can occur whether "Sites" are used or not.

"Smart Groups" and "Policies" seem to be the only area where "Sites" come into play for restriction, but then only these can be assigned to only one "Site" at a time.

If you assign a user to a "Site", unless you also assign a "Smart Group" or "Policy" to that "Site" this user then sees nothing available of created "Smart Groups" or "Policies" if these two have not also been assigned to that "Site".

acdesigntech
Contributor II

IMO,

Sites were designed to fulfill a desire to create multiple administrators in a distributed environment that do not need access to the entire environment - but were not thought out completely, hence the inability to assign a policy to multiple sites or an administrator to multiple sites.

If you create your sites to mirror your buildings, then it starts to make more sense in terms of smart groups and policies (i.e.: most people, I would think, would have groups/policies assigned to a building, so now reassign them to the site, then you can assign a site admin). Sites do not seem to make any sense when thinking about multiple departments within a single location - it seems very tied to the physical location of clients rather than an abstract concept. I guess to me this makes sense as I don't see how having multiple logical sites within the same physical location would work very well anyway, and why would you want a limited admin (which I think was the entire purpose of having sites in the first place) to see things that aren't under their purview anyway?

That said, why a person can't be an admin for multiple sites but not all and a single policy can't be assigned to multiple sites is a mystery to me.

typeusernameher
New Contributor

Assigning admins to multiple sites with different permissions per site is currently possible and not that difficult with groups. Seems like an odd concept right away but makes sense when you get it all created. Create groups then make all users group accounts and you get your checkboxes to assign the sites.

I can definitely see value in the ease of implementation of having a checkbox to assign a policy to multiple sites, but I think there are possible risks with it as well. Admin at site A could modify a policy that affects site B and C if it's the same policy. Cloned policies aimed at specific sites wouldn't run that risk.

powellbc
Contributor II

The reason this is an issue is because in the past we HAD to have users share policies in Casper if we only had a single JSS deployed. Now with sites we cannot unless we duplicate them all. It's a bad implementation.

charliwest
Contributor II

Did this get made into a feature request?

Ignore that, found it and voted it up https://jamfnation.jamfsoftware.com/featureRequest.html?id=1401

PeterClarke
Contributor II

This seems to be replicated by:
https://jamfnation.jamfsoftware.com/featureRequest.html?id=2017