I would like to know a single platform for upgrading and updating macOS with standard user permissions. Does anyone use a single platform for M1/M2 & Intel Mac in their environment?
In This case you can use "Privileges" app in User's account. This would help us to enter there login credentials for certain period of time.
It's on my wishlist that, much like adding users to the _developer group of yore, Apple provide some group(s) - maybe _osgraders/_osupdaters to which we could add user accounts and they would then have all necessarily permissions to upgrade/update macOS but not install other software or run admin / sudo root commands. It's not like Apple doesn't know what all needs that, you'd think they could whip up an entitlement list pretty quickly.