Help

Limit policy to smart user group?

danny_hanes
Contributor

Posted on ‎03-05-2015 10:33 AM

Is there any way to limit a policy based on a user group created in Casper? Right now I can only limit based on LDAP groups but it would be awesome if I could create static / smart groups and then limit a policy to those users.

0 Kudos
Reply
5 REPLIES 5

RobertHammen
Valued Contributor II

Posted on ‎03-05-2015 01:55 PM

Just to clarify, you're talking about the Limitations tab in the policy scope, which typically gives you the option for Network Segments or iBeacons?

If you're not, I have complex Smart Groups which involve things such as "member of static group" AND "does not have x installed", and further scope those by Network Segment...

0 Kudos
Reply

danny_hanes
Contributor

Posted on ‎03-06-2015 07:11 AM

Yes, I am talking about the limitations in the policy scope. I am trying to create a static user group under the users tab in the JSS and I would like to limit policies based on that user group. I am trying to create a "early adopters" group where anyone in that group could log into self service and have access to additional policies that normally their machine would not see.

0 Kudos
Reply

RobertHammen
Valued Contributor II

Posted on ‎03-06-2015 08:33 AM

Create the Static Group THEN a separate Smart Group. Under the Smart Group's criteria, among other options, have Group Membership point to that Static Group?

If you want to change to production, just edit the Smart Group and remove the criteria?

This brings out how it's a PITA to edit complex Smart Group criteria (this AND this AND this), which I would hope JAMF will eventually enhance, but this seems do-able...

0 Kudos
Reply

Chris_Hafner
Valued Contributor II

Posted on ‎03-10-2015 07:46 AM

There are many ways to accomplish this depending on how you mange your current SMART groups, EAs and/or static groups. You're right though, it is tedious. I tend not to like static groupings for multiple reasons but sometimes find them necessary. Also, just so you know there are feature request under review asking for the ability to set policy scopes by LDAP group/user privs.

0 Kudos
Reply

dooley_do
New Contributor

Posted on ‎09-23-2015 07:46 AM

I am also interested in this, I would like to apply an OS X policy with software restrictions, but only for certain users. I cannot see how to do this as you can't see to scope policies to user smart or user static groups...

Thanks

0 Kudos
Reply