Help

Giving Computer information to users via a website but not giving ALL the information

nigelg
Contributor

Posted on ‎04-11-2014 09:23 AM

Hi all,

Apologies in advance if this has been covered already but I can't find anything too obvious on jamf nation.

What I want to do is let some of my support team have access to the great information about my fleet of macs that has been collected in the JSS in real time but I do not want to give them access to ALL the information.

For example I do not want them to be able to view the application usage information. I might not want them to be able to view all the computers, maybe just a subset.

To do this it looks like I would have to write my own website, pulling the information I want them to see out of the JSS Tomcat database myself. Is there any other way to approach this, is this a completely unique request that no one has ever wanted to pursue and if this is the only way to do it, has anyone already done it? I should also note that my experience writing websites that access databases is limited so this could be quite a steep learning curve! Still, I like a challenge..

0 Kudos
2 REPLIES 2

drew_duggan
New Contributor III
New Contributor III

Posted on ‎04-11-2014 01:02 PM

Would creating a custom privilege set for particular user/group not work? Just in the JSS >> System Settings >> JSS Users & Groups, then create a new user/group and selecting the "Custom" privilege set...and tick the boxes as appropriate. Depending on how you have that set up, you could then just clone that account(s) and update the information as needed. With subsets of the data that could get slightly tricky, but you could look into utilizing Sites in some capacity to limit it certain computers that are assigned to sites. It might be a simpler solution than creating a web app for it yourself.

0 Kudos

nigelg
Contributor

Posted on ‎04-14-2014 02:34 AM

No unfortunately the custom privileges are "all or nothing". I want users to be able to search for computers and view their room details and location, serial numbers, hardware specifications and what applications are installed. To allow them access to this information, I have to check the "read" box for "Computers"

Doing this opens all the computer information to users including Application usage history. I have a mix of computers attached to the JSS including both staff and student machines. I do not want unfettered access to view Application usage history which seems quite a reasonable request. Seems the only way to do this currently is to write my own website to pull the info out of the JSS database.

I could use the sites settings to separate the lab machines from the staff machines and give access to that but I want the technicians to be able to remotely assist the staff so any separation using sites would mean they would need 2 logins to the jss, one to remote to staff and the other to remote to students and view the records.

Maybe if I pull the info into SCCM and get more control over the information that way..

0 Kudos