Hello, my company is planning to demote our admin users to standard users. I've found a way for them to run sudo commands without admin, but I need a way for them to update third party apps without administrator credentials.
The only thing that I could come up with is a script that allows me to plug in an app name as a parameter, then moves it to /Users/$3/Applications.
I've also look it into the make me admin app, but my SecOps teams doesn't want anyone to have admin rights.
Do these actually have to be updated by the user directly? Or can they be something put into Self Service like patches? Because being able to install updates is one of the reasons why you would use Self Service. It doesn't require that anyone be a local admin since it handles all the admin authentication stuff in the background.
If you're not using Self Service and you are planning on demoting users from admin to standard, I would highly recommend looking at making use of it.
Hey @PayFit, I spoke to macmule about this a couple of months ago on Slack. he suggested using jamJar. Unfortunately, I don't have the time to configure Munki. My team is now looking into using Cyberark EPM to manage application permissions. So far, it seems to be what we need.
jamJar also looks promising as well. If you have the time to configure it. Here the link to the Github overview: https://github.com/dataJAR/jamJAR/wiki