- Jamf Nation Community
- Products
- Jamf Pro
- Policy Log Flushing Permissions
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-28-2021 02:05 PM
I'm looking to give a specific user access to flush specific computer logs on a policy. This is to allow SecOps to re-run policies that are set to once per computer. I set custom permissions as follows:
Jamf Pro Server Objects > Policies > Read
Jamf Pro Server Actions > Flush Policy Logs
This allows the user account to view the Policy and the associated logs, but clicking the "Flush" button on the log does not take any action. They are able to "Flush All" on the logs, but that would defeat the purpose of being able to re-run the policy on one specific computer. If I also enable Jamf Pro Server Objects > Policies > Update, the user is able to flush specific computer logs on the policies, but I do not wish to grant them access to change all of the policies present in Jamf.
From what I've read, the API isn't able to flush specific computer logs so I am unable to create a tool that utilizes the API for this goal.
I'm hoping for any suggestions on the feasibility of my request or permissions you have used to accomplish similar feats.
Solved! Go to Solution.
Labels:
Reply
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-20-2021 08:26 AM
OPTION 1: Allow flushing from computer record:
*This also allows user to edit computer permissions and inventory display, but allows us flush those logs from the computer tab
Jamf Pro server objects:
- computers read/update
Jamf Pro server actions
- flush policy logs
OPTION 2: Allow flushing from the policy section ONLY
* This also allows the user to update a policy however
Jamf Pro server objects:
- policies > read/update
Jamf Pro server actions
- flush policy logs
Reply
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-14-2021 07:33 AM
I am also trying to do this. Is there any resolution?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-15-2021 07:23 AM
I have not gotten a resolution for this. My SecOps decided that they would use a different solution on their end since I couldn't come up with a viable option.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-17-2021 02:08 PM
I'm running into this issue as well for enabling a team member with limited access to flush policy logs. I thought it was just me, as that's not the case I will raise a ticket with JAMF.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-15-2021 09:00 AM
I would be interested in the solution for this as I am seeing the similar issues.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-20-2021 08:26 AM
OPTION 1: Allow flushing from computer record:
*This also allows user to edit computer permissions and inventory display, but allows us flush those logs from the computer tab
Jamf Pro server objects:
- computers read/update
Jamf Pro server actions
- flush policy logs
OPTION 2: Allow flushing from the policy section ONLY
* This also allows the user to update a policy however
Jamf Pro server objects:
- policies > read/update
Jamf Pro server actions
- flush policy logs
Reply
