Posted on 02-11-2018 06:57 PM
We're looking to move multiple VPP accounts into JSS and would like to allow those staff responsible for their sections access to JSS so they can manage the entire process from purchasing in Apple VPP through to deployment to their iPads.
Can this be done?
I'm not sure which privileges I should be giving to allow this without allowing access to everything. Is there a spreadsheet or something similar available that would help with this?
Solved! Go to Solution.
Posted on 02-12-2018 07:33 AM
As a baseline you'll need the following:
Read access to Mobile Devices
Full access to Mobile Device Apps
Create* and Read access to VPP Admin Accounts
Aside from those, I'd recommend giving access to User and Mobile Device groups, at your discretion, depending on how you intend to scope your apps.
Posted on 02-12-2018 07:33 AM
As a baseline you'll need the following:
Read access to Mobile Devices
Full access to Mobile Device Apps
Create* and Read access to VPP Admin Accounts
Aside from those, I'd recommend giving access to User and Mobile Device groups, at your discretion, depending on how you intend to scope your apps.
Posted on 02-13-2018 11:22 AM
Thanks for that I'll give those settings a go.
Posted on 02-13-2018 12:11 PM
I would recommend a more centralized approach. Depending on how many people have the ability to add apps to the JSS it can get out of control fast. In our situation we have applications duplicated 20 times because 20 different campuses want to use it. With multiple people adding applications the vetting process is not easily enforced. We are currently at 5539 apps in the JSS with a huge number of duplicates.