Posted on 06-04-2021 02:52 AM
We currently have a standard JSS group that contains our support staff who have been added to the standard group as LDAP users. In the privileges section of the group under the "Jamf Pro Server objects", the "Read" section for "Scripts" has been selected.
The support staff can access the "Scripts" section under Computer Management and can see the list of scripts we use for our policies, but when selecting to view the contents of any of the scripts they are met with an "Access Denied 403" message.
I know they certainly used to have access to view the scripts, so I'm wondering if there's been an update that might have caused this, although I couldn't say how long the scripts have been inaccessible for.
I've tried removing the permissions and re-adding them. Creating another test group with the same privileges and also granting them "Update" and "Create" access rights. Bizarrely this didn't make any difference, they still had no access.
Does anyone have any ideas on how we can let the support staff view the contents of the scripts? It may help them with understanding what's going on when particular policies are run and assist with troubleshooting.
Any help would be much appreciated.
Solved! Go to Solution.
Posted on 10-19-2021 01:09 PM
I had to lookup this for myself again @rcoleman. I did open a case with Jamf Support for this but other issues were also part of it and even though i get it resolved, I didn't come back out here. For others, it looks to be a need for the READ to Categories that is (now) needed with the privilege set for the LDAP group.
Posted on 06-08-2021 09:39 AM
Just got this issue reported here in our environment after upgrading to 10.28.0. Going to reach out to support on this...
Posted on 10-19-2021 01:09 PM
I had to lookup this for myself again @rcoleman. I did open a case with Jamf Support for this but other issues were also part of it and even though i get it resolved, I didn't come back out here. For others, it looks to be a need for the READ to Categories that is (now) needed with the privilege set for the LDAP group.
Posted on 10-20-2021 08:03 AM
Just tested this and it works! Many thanks. Apologies, I didn't see your first post on this.
Posted on 10-20-2021 08:31 AM
Glad to hear @rcoleman! I figured if you didn't resolve it, someone else might see it and help them from the start!