Posted on 10-07-2022 08:43 AM
Here is the scenario:
1.) I scope a computer a policy that they can run in self-service.
2.) I scope another policy to another computer that can be run in self-service.
3.) Both computers DON'T run the policies.
4.) I want to figure out which computer, has what policy, but not do it in a gui platform, I want to instead report out what computer has what policy scoped to them that they are able to run.
These seems "easy" enough, but no matter what I look at, I can't seem to find anything that can just spit out a "list" outside of going to the asset individually or looking at the policy itself.
Use case: I have a policy that is a template, I create a policy each time for each computer/user that needs this policy. I need to have a list of all users that have this policy associated with a device for auditing purposes. You're probably thinking, why can't you just put everyone in the same policy (great question), this is due to the nature of how we are trying to limit who has access to what. I don't want customer A able to run this "script" on customer B's computer, and likewise I don't want customer B to run this "script" on customer A's computer.
I hope this make sense, and I'm sure I'm not the first to think of this.
TLDR: I want to get a print out of all policies that are available to a user in self-service, but not through a graphical interface.
Posted on 10-10-2022 10:28 AM
Unfortunately, I don't see any way to pull that with a script. There are two places where you can find that information in the Jamf Pro GUI — the pending commands in the logs for a specific policy and Computer > Management > Policies — but neither is available in the API. I guess you could pull the rules for a specific policy (which you can pull from the API) and then try to redo the logic of those rules on your end to see if a computer is in scope or not, but unfortunately I think that's the only way.
Completed policies as a report is much easier, that I took a quick whack at: