Policy Log Flushing Permissions

jmandler
New Contributor III

I'm looking to give a specific user access to flush specific computer logs on a policy. This is to allow SecOps to re-run policies that are set to once per computer. I set custom permissions as follows:

Jamf Pro Server Objects > Policies > Read
Jamf Pro Server Actions > Flush Policy Logs

This allows the user account to view the Policy and the associated logs, but clicking the "Flush" button on the log does not take any action. They are able to "Flush All" on the logs, but that would defeat the purpose of being able to re-run the policy on one specific computer. If I also enable Jamf Pro Server Objects > Policies > Update, the user is able to flush specific computer logs on the policies, but I do not wish to grant them access to change all of the policies present in Jamf.

From what I've read, the API isn't able to flush specific computer logs so I am unable to create a tool that utilizes the API for this goal.

I'm hoping for any suggestions on the feasibility of my request or permissions you have used to accomplish similar feats.

1 ACCEPTED SOLUTION

atomczynski
Valued Contributor
OPTION 1: Allow flushing from computer record:
*This also allows user to edit computer permissions and inventory display, but allows us flush those logs from the computer tab
 
Jamf Pro server objects:
- computers read/update
Jamf Pro server actions
- flush policy logs

OPTION 2: Allow flushing from the policy section ONLY
* This also allows the user to update a policy however
 
Jamf Pro server objects:
- policies > read/update
Jamf Pro server actions
- flush policy logs


View solution in original post

5 REPLIES 5

user-bBExstTMLl
New Contributor

I am also trying to do this. Is there any resolution?

jmandler
New Contributor III

I have not gotten a resolution for this. My SecOps decided that they would use a different solution on their end since I couldn't come up with a viable option.

Levi_
Contributor II

I'm running into this issue as well for enabling a team member with limited access to flush policy logs. I thought it was just me, as that's not the case I will raise a ticket with JAMF.

perrinbw
New Contributor II

I would be interested in the solution for this as I am seeing the similar issues. 

atomczynski
Valued Contributor
OPTION 1: Allow flushing from computer record:
*This also allows user to edit computer permissions and inventory display, but allows us flush those logs from the computer tab
 
Jamf Pro server objects:
- computers read/update
Jamf Pro server actions
- flush policy logs

OPTION 2: Allow flushing from the policy section ONLY
* This also allows the user to update a policy however
 
Jamf Pro server objects:
- policies > read/update
Jamf Pro server actions
- flush policy logs