Help

Programmatically set accessibility for an app in security and privacy

rodders
New Contributor III

Posted on ‎08-01-2017 10:51 AM

Ive been looking into how, if at all, it would be possible to set an app to be ticket/allowed in accessbility within Security and Privacy > Privacy > Accessbility
Much like how this page outlines for 10.12 - but through the terminal:
http://mizage.com/help/accessibility.html

My Google-fu is failing me as well as a colleague so wondering if its at all possible?
My thoughts went to - and were quickly quashed - in the following:
Loginwindow
accessbility plist
the apps plist
Gatekeeper/spctl

But no luck.

0 Kudos
Reply
10 REPLIES 10

davidacland
Honored Contributor II

Posted on ‎08-01-2017 11:23 AM

I haven't done it for a little while so not sure if it's still possible, but it was possible by editing the associated sqlite database.

https://apple.stackexchange.com/questions/178313/change-accessibility-setting-on-mac-using-terminal

0 Kudos
Reply

StoneMagnet
Contributor III

Posted on ‎08-01-2017 11:27 AM

@davidacland Note the December 19 2016 comment on that StackExchange thread - TCC.db is now restricted by SIP

0 Kudos
Reply

davidacland
Honored Contributor II

Posted on ‎08-01-2017 11:31 AM

Ha ha, I should learn to read! Not sure if there's another way to do it now :(

0 Kudos
Reply

StoneMagnet
Contributor III

Posted on ‎08-01-2017 11:41 AM

Well if you find one, be sure to share it :-) Unfortunately there is a wide, and widening, delta between what was configurable pre-SIP, and what Apple has deigned to grant us control of via Configuration Profiles. Even more frustrating is when that changes in a macOS point release (although with 10 as the perpetual major version number I guess you could consider 10.12.6 a minor rather than point update to 10.12.5).

0 Kudos
Reply

mpebley
New Contributor III

Posted on ‎08-02-2017 04:32 AM

Try this little gem...

https://github.com/univ-of-utah-marriott-library-apple/privacy_services_manager

I haven't used much lately, but just installed and tested on macOS 10.13 and appears to still be working.

You will also need their other component Management Tools along with Privacy Services Manager...

https://github.com/univ-of-utah-marriott-library-apple

Mike

0 Kudos
Reply

rodders
New Contributor III

Posted on ‎08-02-2017 04:38 AM

@mpebley thanks!
I'll give this a go and let you know.

0 Kudos
Reply

bozemans
New Contributor III

Posted on ‎08-24-2017 01:54 PM

@roodders
I'm needing this same access in our environment. Hope it works, too.

0 Kudos
Reply

Rocky
New Contributor III

Posted on ‎11-17-2017 05:17 PM

Just tried the Univ of Utah Marriott tools and they did not work for enabling accessibility. Received the response:

INFO: Set to modify global permissions for all users at '/Library/Application Support/com.apple.TCC/TCC.db'.
INFO: Inserting 'com.<program>' in service 'accessibility'...
ERROR: OperationalError: attempt to write a readonly database

Running macOS 10.13.1
Currently at a loss on how to make this change programmatically for deployment in lab and office environments. Looks like SIP has it completely inaccessible for deployment now.

How are others dealing with this? Granting admin rights to the preferences to users? Manually setting individual machines (for hundreds/thousands of machines)?

0 Kudos
Reply

jimmy-swings
Contributor II

Posted on ‎03-04-2018 03:28 PM

Hey @Rocky @bozemans @rodders @StoneMagnet - any luck finding a way to either allow a standard user to manage their own accessibility options or programmatically allowing access for to the device for specific applications?

Reply

JayDuff
Contributor II

Posted on ‎10-18-2018 09:20 AM

SIP has made TCC.db a read-only file. According to this discussion, "macOS 10.14 will have a section named Automation under Security & Privacy / Privacy. This utility {TCCutil} is no longer necessary at that point. Any app that attempts to use automation will bring up a prompt to confirm once."

Since we are going to be staying on Sierra, I guess we're hosed. :(

0 Kudos
Reply