Read only access on JSS scripts

rcoleman
New Contributor III

We currently have a standard JSS group that contains our support staff who have been added to the standard group as LDAP users. In the privileges section of the group under the "Jamf Pro Server objects", the "Read" section for "Scripts" has been selected.

The support staff can access the "Scripts" section under Computer Management and can see the list of scripts we use for our policies, but when selecting to view the contents of any of the scripts they are met with an "Access Denied 403" message.

I know they certainly used to have access to view the scripts, so I'm wondering if there's been an update that might have caused this, although I couldn't say how long the scripts have been inaccessible for.

I've tried removing the permissions and re-adding them. Creating another test group with the same privileges and also granting them "Update" and "Create" access rights. Bizarrely this didn't make any difference, they still had no access.

Does anyone have any ideas on how we can let the support staff view the contents of the scripts? It may help them with understanding what's going on when particular policies are run and assist with troubleshooting.

Any help would be much appreciated.

1 ACCEPTED SOLUTION

benducklow
Contributor III

I had to lookup this for myself again @rcoleman. I did open a case with Jamf Support for this but other issues were also part of it and even though i get it resolved, I didn't come back out here. For others, it looks to be a need for the READ to Categories that is (now) needed with the privilege set for the LDAP group.

View solution in original post

4 REPLIES 4

benducklow
Contributor III

Just got this issue reported here in our environment after upgrading to 10.28.0. Going to reach out to support on this...

benducklow
Contributor III

I had to lookup this for myself again @rcoleman. I did open a case with Jamf Support for this but other issues were also part of it and even though i get it resolved, I didn't come back out here. For others, it looks to be a need for the READ to Categories that is (now) needed with the privilege set for the LDAP group.

rcoleman
New Contributor III

Just tested this and it works! Many thanks. Apologies, I didn't see your first post on this.

benducklow
Contributor III

Glad to hear @rcoleman! I figured if you didn't resolve it, someone else might see it and help them from the start!