Privileged Access to techs

Contributor III

What is the optimal or preferred way to grant access to others who do not need full admin priveleges.

For example, they don't need to:

  • upload: packages, scripts, icons
  • modify: policies, profiles, smart groups, self-service etc
  • make any additional changes to the infrastructure or computers

What we would like them to be able to do:

  • Find computers for their building or support group
  • View FileVault keys for their computers (not all users computers)
  • Sign in to self-service to run tools designated to techs.

Sites may not be the ideal method and may complicate things if I'm understanding sites correctly, we have all of our companies buildings in Jamf (many across the globe) so perhaps referencing that.


Esteemed Contributor II

@walt If you're using AD you can create a group in AD containing your techs, then in the JSS prefs panel "Jamf Pro User Accounts & Groups" you can create a new Jamf Pro user group from that AD group using the Add LDAP Group option. Use Privilege Set->Custom to set exactly what privileges you want them to have.