Privileges

Kevin
Contributor II

We have acquired a small company in another city that has 80 or so Macs. We have run Recon and have brought those systems into our JSS. I will be installing a distribution point there soon. We intend to keep their current support guy for on-site support.

My question: Is there a way to give him privileges that are only for his network segment or department? He needs to be able to admin the machines in that office, but I don't want him having the keys to our kingdom that granting him full JSS access would provide.

3 REPLIES

ernstcs
Contributor III

Currently there is no granularity of permissions for network segments, let alone any grouping of computers. As it stands right now, and maybe not for too long, whatever rights you give that user, they have rights to everywhere they can access. If there are networking limitations in place then they can't touch boxes on your network at least.

Kevin
Contributor II

I would be happy if we could just set up notifications that affect his machines. As it stands, if I set him up to receive notifications (Smart Status failing, Smart Group changes, etc.) he will get those notifications not only for the computers he is charged with administering, but also for the 500 or so machines on our site that he doesn't care about.

mm2270
Legendary Contributor III

This is related to one of the biggest and longest running feature requests for the product: being able to scope privileges based on a subset of managed systems or on Network Segments or some other creative method.
For orgs that have multiple offices around the country/globe, the current way Casper works is a major sticking point.
That said, it is something on JAMF's radar, and I have a feeling we'll be seeing this make it into the product by end of year or early next.

Until then, there isn't much you can do, other than turning on change management on your JSS. Just in case anything weird happens, you can at least go through the logs to see whodunnit.