Jamf Nation Community

Would you mind sharing how you went about that?

Sure can and hopefully this is of help to you. Also to clarify on your original question as well, yes you can have another script running in the same policy as your application deployment. Would need to  make sure you set the script priority in the order you wish to run ie before and after. Alternatively if you need the script to run separately you could make use of a smart group that has criteria of checking Autodesk is installed. That could get a little messy if your script needs to run at the user level though. 

So there are 2 ways you can do the PPPC. Originally  I was manually obtaining bundle ID etc from terminal command line. I now use the PPPC utility as it takes a lot of the work out of it. 

Install the PPPC Utility on a test unit
Install the the application you need to set the permissions for 

Open PPPC utility 
Drag and drop the application into PPPC (this populates bundle info and permission options)

Set your permissions

Save file

Import to your JAMF instance

Example for AutoCAD 2022, keeping in mind I have not tried this out specifically for autoCAD. It may take a bit of trial and error with the keys to get exactly what you need. 

Org

com.autodesk.AutoCAD2022

Bundle ID

identifier "com.autodesk.AutoCAD2022" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = XXKJ396S2Y

Level

Computer

Properties

Admin Files Allow

Desktop Folder Allow 

Documents folder Allow -  this one 100% is needed

Full disk access Allow (you may not need this one but on most cad products it does prompt)

Post Events Allow

I really appreciate the detailed explanation. However, I tried it and that did not resolve the issue. It has to do with the local profile that PKG is deploying to. When installed on that profile the message pops up but on others it does not. I guess I can try contacting Autodesk and see if there's a command that can push that access to all users. Thanks again for the help.

Sorry to hear this did not help. Does seem odd it’s only the logged in account that installed the software is affected. Hopefully Autodesk have a solution for you.

Out of interest how are you deploying it? Are you using something like these scripts for deployment? I ask as we will be needing to do new versions AutoCAD for Mac soon too. Windows versions with the new changes for this year have held us up. 

Is there a script that will allow permission without giving it to everyone? Like it should automatically give the current user read and write instead of giving it to everyone. Since it affects the profile that AutoCAD is installed on. But once the permission for that specific user is given then you can open AutoCAD for all users.

I ran into this issue last week.  I don't know if you already found a solution but this is what I added in the install script.

sudo chown -R $USER /Users/$USER/Library/Application\ Support/Autodesk

This will make the currently log in user the owner of the folder.  You wouldn't want to give everyone read/write access to this folder as it's in the user home directory.