Jamf Nation Community

mikesmithwsu · ‎09-27-2022

I have a user group, that has only site level access. But I'd like to have it setup to where the group has the ability to use jamf admin for only their site.

If I'm understanding correctly how JAMF has this setup, what I'd like to be done is not possible. It looks like to give some access to JAMF admin, they have to have full access.

Am I correct? or am I missing something?

Thanks!

ubcoit · ‎09-27-2022

We are using Active Directory for our groups, so I have a matching group name in AD.

Group Name: Jamf-Admin-App as an example in AD, add your AD users to it.

Settings > System Settings > Jamf Pro User Accounts & Groups
Create a new group (Jamf-Admin-App) with the following permissions
Access Level = Full Access
Privilege Set = Custom

Privilege tab > Jamf Pro Server Objects
- Categories
- Computer Enrollment Invitations
- Directory Bindings
- Dock Items
- Packages
- Printers
- Scripts
These are all selected (you could remove delete if that's a concern and test functionality, test them all really!).

Privilege tab > Jamf Admin > Jamf Admin Privileges both selected (Use Jamf Admin and Save with Jamf Admin)

That's how I have it setup, been a long time since I tested it and I haven't had any complaints...

Good luck.

mikesmithwsu · ‎09-28-2022

I guess what I would like to do is be able to configure one group site level access, so that they can add packages to jamf admin, specifically only for their site.
Then also, have a different group, assigned to a different site, be configured so that they can add packages to jamf admin, for their site, and it not affect the other site, nor would they have permissions to even see the other site.

It looks like, the way jamf pro is set now, it's all or nothing. The groups would get full access to use jamf admin, and see all packages, or they have no access to jamf admin.

If I configure a group to site access, the option for jamf admin permissions is not available.

ubcoit · ‎09-28-2022

Yes, that be nice. Best I can tell it's not possible. What I outlined I setup 7ish years ago. Wouldn't hold your breath in getting that feature.

Jamf Nation Community

Site Level Permissions for JAMF Admin