Help

Restrict access to location information

tomnorton
New Contributor II

Posted on ‎03-14-2018 04:10 AM

Hi

We are looking into various MDM solutions.

Is anyone able to tell me if in JAMF it is possible to restrict access to location information of iOS devices to certain administrators?

Thanks in advance

Labels:
Reply
5 REPLIES 5

miregan
Contributor II

Posted on ‎03-14-2018 06:52 AM

You would have to restrict access to the whole object. You cant restrict access to only location info. I am unsure why this would be needed though if they are administrators. Why wouldnt you want your admins to be able to see location info?

0 Kudos
Reply

tomnorton
New Contributor II

Posted on ‎03-14-2018 07:42 AM

From a data protection / GDPR point of view we are now only allowed a limited number of management staff to see location information of staff devices.

We still need administrators to carry out day to day tasks, but only allow say 2 of them to see location information.

0 Kudos
Reply

miregan
Contributor II

Posted on ‎03-14-2018 08:13 AM

You would have to block the whole Mobile Devices object. They would not be able to issue commands to the devices or edit inventory information etc.

0 Kudos
Reply

jamf_sam
Moderator
Moderator

Posted on ‎03-14-2018 08:27 AM

Hello @tomnorton ,

This is something that Jamf Pro can do. Here is a video by our very own @dave.saltmarsh talking about how we can build delegated access within Jamf Pro.

https://youtu.be/K-bcBv1RPgw?t=394

You can separate the ability to enable lost mode and the ability to see the reported coordinates. You are absolutely right, from a security perspective this makes a lot of sense. In Jamf Pro, that permission is called "View Mobile Device Lost Mode Location".

Hope that helps!

Reply

miregan
Contributor II

Posted on ‎03-14-2018 09:05 AM

I stand corrected. Thanks for that as I didnt see the option

Reply