Programmatically set accessibility for an app in security and privacy

rodders
New Contributor III

Ive been looking into how, if at all, it would be possible to set an app to be ticket/allowed in accessbility within Security and Privacy > Privacy > Accessbility
Much like how this page outlines for 10.12 - but through the terminal:
http://mizage.com/help/accessibility.html

My Google-fu is failing me as well as a colleague so wondering if its at all possible?
My thoughts went to - and were quickly quashed - in the following:
Loginwindow
accessbility plist
the apps plist
Gatekeeper/spctl

But no luck.

10 REPLIES 10

davidacland
Honored Contributor II
Honored Contributor II

I haven't done it for a little while so not sure if it's still possible, but it was possible by editing the associated sqlite database.

https://apple.stackexchange.com/questions/178313/change-accessibility-setting-on-mac-using-terminal

StoneMagnet
Contributor III

@davidacland Note the December 19 2016 comment on that StackExchange thread - TCC.db is now restricted by SIP

davidacland
Honored Contributor II
Honored Contributor II

Ha ha, I should learn to read! Not sure if there's another way to do it now :(

StoneMagnet
Contributor III

Well if you find one, be sure to share it :-) Unfortunately there is a wide, and widening, delta between what was configurable pre-SIP, and what Apple has deigned to grant us control of via Configuration Profiles. Even more frustrating is when that changes in a macOS point release (although with 10 as the perpetual major version number I guess you could consider 10.12.6 a minor rather than point update to 10.12.5).

mpebley
New Contributor III

Try this little gem...

https://github.com/univ-of-utah-marriott-library-apple/privacy_services_manager

I haven't used much lately, but just installed and tested on macOS 10.13 and appears to still be working.

You will also need their other component Management Tools along with Privacy Services Manager...

https://github.com/univ-of-utah-marriott-library-apple

Mike

rodders
New Contributor III

@mpebley thanks!
I'll give this a go and let you know.

bozemans
New Contributor III

@roodders
I'm needing this same access in our environment. Hope it works, too.

Rocky
New Contributor III

Just tried the Univ of Utah Marriott tools and they did not work for enabling accessibility. Received the response:

INFO: Set to modify global permissions for all users at '/Library/Application Support/com.apple.TCC/TCC.db'.
INFO: Inserting 'com.<program>' in service 'accessibility'...
ERROR: OperationalError: attempt to write a readonly database

Running macOS 10.13.1
Currently at a loss on how to make this change programmatically for deployment in lab and office environments. Looks like SIP has it completely inaccessible for deployment now.

How are others dealing with this? Granting admin rights to the preferences to users? Manually setting individual machines (for hundreds/thousands of machines)?

jimmy-swings
Contributor II

Hey @Rocky @bozemans @rodders @StoneMagnet - any luck finding a way to either allow a standard user to manage their own accessibility options or programmatically allowing access for to the device for specific applications?

JayDuff
Contributor II

SIP has made TCC.db a read-only file. According to this discussion, "macOS 10.14 will have a section named Automation under Security & Privacy / Privacy. This utility {TCCutil} is no longer necessary at that point. Any app that attempts to use automation will bring up a prompt to confirm once."

Since we are going to be staying on Sierra, I guess we're hosed. :(