Skip to main content
Question

Programmatically set accessibility for an app in security and privacy


Forum|alt.badge.img+4

Ive been looking into how, if at all, it would be possible to set an app to be ticket/allowed in accessbility within Security and Privacy > Privacy > Accessbility
Much like how this page outlines for 10.12 - but through the terminal:
http://mizage.com/help/accessibility.html

My Google-fu is failing me as well as a colleague so wondering if its at all possible?
My thoughts went to - and were quickly quashed - in the following:
Loginwindow
accessbility plist
the apps plist
Gatekeeper/spctl

But no luck.

10 replies

davidacland
Forum|alt.badge.img+18
  • Valued Contributor
  • 1811 replies
  • August 1, 2017

I haven't done it for a little while so not sure if it's still possible, but it was possible by editing the associated sqlite database.

https://apple.stackexchange.com/questions/178313/change-accessibility-setting-on-mac-using-terminal


Forum|alt.badge.img+8
  • Contributor
  • 147 replies
  • August 1, 2017

@davidacland Note the December 19 2016 comment on that StackExchange thread - TCC.db is now restricted by SIP


davidacland
Forum|alt.badge.img+18
  • Valued Contributor
  • 1811 replies
  • August 1, 2017

Ha ha, I should learn to read! Not sure if there's another way to do it now :(


Forum|alt.badge.img+8
  • Contributor
  • 147 replies
  • August 1, 2017

Well if you find one, be sure to share it :-) Unfortunately there is a wide, and widening, delta between what was configurable pre-SIP, and what Apple has deigned to grant us control of via Configuration Profiles. Even more frustrating is when that changes in a macOS point release (although with 10 as the perpetual major version number I guess you could consider 10.12.6 a minor rather than point update to 10.12.5).


Forum|alt.badge.img+7
  • Contributor
  • 24 replies
  • August 2, 2017

Try this little gem...

https://github.com/univ-of-utah-marriott-library-apple/privacy_services_manager

I haven't used much lately, but just installed and tested on macOS 10.13 and appears to still be working.

You will also need their other component Management Tools along with Privacy Services Manager...

https://github.com/univ-of-utah-marriott-library-apple

Mike


Forum|alt.badge.img+4
  • Author
  • Contributor
  • 20 replies
  • August 2, 2017

@mpebley thanks!
I'll give this a go and let you know.


Forum|alt.badge.img+5
  • Contributor
  • 40 replies
  • August 24, 2017

@roodders
I'm needing this same access in our environment. Hope it works, too.


Forum|alt.badge.img+4
  • New Contributor
  • 14 replies
  • November 18, 2017

Just tried the Univ of Utah Marriott tools and they did not work for enabling accessibility. Received the response:

INFO: Set to modify global permissions for all users at '/Library/Application Support/com.apple.TCC/TCC.db'.
INFO: Inserting 'com.<program>' in service 'accessibility'...
ERROR: OperationalError: attempt to write a readonly database

Running macOS 10.13.1
Currently at a loss on how to make this change programmatically for deployment in lab and office environments. Looks like SIP has it completely inaccessible for deployment now.

How are others dealing with this? Granting admin rights to the preferences to users? Manually setting individual machines (for hundreds/thousands of machines)?


Forum|alt.badge.img+8
  • Valued Contributor
  • 109 replies
  • March 4, 2018

Hey @Rocky @bozemans @rodders @StoneMagnet - any luck finding a way to either allow a standard user to manage their own accessibility options or programmatically allowing access for to the device for specific applications?


Forum|alt.badge.img+8
  • Contributor
  • 119 replies
  • October 18, 2018

SIP has made TCC.db a read-only file. According to this discussion, "macOS 10.14 will have a section named Automation under Security & Privacy / Privacy. This utility {TCCutil} is no longer necessary at that point. Any app that attempts to use automation will bring up a prompt to confirm once."

Since we are going to be staying on Sierra, I guess we're hosed. :(


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings