Mut Permissions question without full admin

dhausman
Contributor

What permissions are required for running MUT to make updates to username, full name and email? I would prefer not to run as full admin account. I think I have just about everything else dialed in except for permissions to run MUT. I can do updates manually via jss, and I can run as full admin and MUT works, but I don't want extra access if possible.

Dan

1 ACCEPTED SOLUTION

dhausman
Contributor

Figured it out. Need Create, Read, Update for JSS Object User.

View solution in original post

2 REPLIES 2

dhausman
Contributor

Figured it out. Need Create, Read, Update for JSS Object User.

mike_levenick
New Contributor III
New Contributor III

Minimal permissions would be whatever ones are required to do it in the GUI. In this case, probably only Update and maybe Read on JSS Object user would be required, but JSS User permissions seem to be a little bit of a dark art.

The only additionally required permission is that the MUT v3+ verifies credentials on a GET of the Activation Code, so giving the user permission to Read the Activation Code will allow it to pass the MUT authentication check and then you can minimize permissions on what you actually want to do.

I put a note in there recommending full admin due to a large number of people running into permission issues and getting frustrated with the tool.