Grant granular access to Jamf to only view/access FV keys?

New Contributor II

To give you background, our warehouse/depot workers receive machines that have been out in the field but once in a while, the users have a "legal hold" on their device returns because of the type of job they have/had.

Our policy is that the warehouse/depot needs to keep these devices until they can get the data off the drives, then they can redeploy.

The question/ask here is: is there a way to grant a user limited access to view the FV key of a machine?

Currently running Pro 10.8. Thank you


New Contributor

It would appear like yes, but it also depends on what all you are attempting to keep hidden, You would be able to set the user to have Read Only on the computers in the "JAMF Pro server objects" and then in "JAMF Pro server actions" put a check in "View Disk Encryption Recovery Key" This should let them only be able to let them view the FV2 key and the most basic of information from the inventory that JAMF gets. I would defiantly test it out before just rolling out the settings.

Valued Contributor

set the Privilege Set to "Custom" under Settings --> System Settings --> Jamf Pro User Accounts & Groups for a new or existing user. You'll have to go an de-select what you don't want the user to access, but you can scope the access to just "View Disk Encryption Recovery Key" as @cody.anderson mentions