All Projects → SAP → Macos Enterprise Privileges

SAP / Macos Enterprise Privileges

Licence: apache-2.0
For Mac users in an Enterprise environment, this app gives the User control over administration of their machine by elevating their level of access to Administrator privileges on macOS. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.

Projects that are alternatives of or similar to Macos Enterprise Privileges

Bpmn Engine
BPMN 2.0 execution engine. Open source javascript workflow engine.
Stars: ✭ 519 (-10.21%)
Mutual labels:  open-source
Phantombot
PhantomBot is an actively developed open source interactive Twitch bot with a vibrant community that provides entertainment and moderation for your channel, allowing you to focus on what matters the most to you - your game and your viewers.
Stars: ✭ 547 (-5.36%)
Mutual labels:  open-source
Bonfire Firebase Sample
An app to discuss your favourite emojis. This is a sample app built with Firebase.
Stars: ✭ 564 (-2.42%)
Mutual labels:  open-source
Mail
💌 Mail app for Nextcloud
Stars: ✭ 528 (-8.65%)
Mutual labels:  open-source
Docusaurus
Easy to maintain open source documentation websites.
Stars: ✭ 29,053 (+4926.47%)
Mutual labels:  open-source
Hello World
Hello World in all possible programmnig languages
Stars: ✭ 558 (-3.46%)
Mutual labels:  open-source
Circlebar
A fun, easy-to-use tab bar navigation controller for iOS.
Stars: ✭ 513 (-11.25%)
Mutual labels:  open-source
Gittermobile
Unofficial Gitter.im (chat for GitHub) client for iOS and Android. [build with react-native]
Stars: ✭ 569 (-1.56%)
Mutual labels:  open-source
Dspace
(Official) The DSpace digital asset management system that powers your Institutional Repository
Stars: ✭ 548 (-5.19%)
Mutual labels:  open-source
Controlzex
Shared Controlz for WPF and ... more
Stars: ✭ 561 (-2.94%)
Mutual labels:  open-source
Merlin
Observes network connection status & gives callbacks
Stars: ✭ 536 (-7.27%)
Mutual labels:  open-source
Adguardforsafari
AdGuard for Safari app extension
Stars: ✭ 544 (-5.88%)
Mutual labels:  open-source
Hueman
Hueman WordPress Theme
Stars: ✭ 559 (-3.29%)
Mutual labels:  open-source
Jenkins Library
Jenkins shared library for Continuous Delivery pipelines.
Stars: ✭ 521 (-9.86%)
Mutual labels:  open-source
Contributing Template
Template for writing your own contributing guide
Stars: ✭ 565 (-2.25%)
Mutual labels:  open-source
Legit
Add licenses to projects at the command line
Stars: ✭ 515 (-10.9%)
Mutual labels:  open-source
Thor
DIY 3D Printable Robotic Arm
Stars: ✭ 556 (-3.81%)
Mutual labels:  open-source
Awesome Technical Writing
📚 A curated list of awesome resources : articles, books, videos, tools, podcasts about technical writing
Stars: ✭ 573 (-0.87%)
Mutual labels:  open-source
Nearby Shops Android App
Open Source Food Delivery and local shopping Platform
Stars: ✭ 565 (-2.25%)
Mutual labels:  open-source
Mycroft Core
Mycroft Core, the Mycroft Artificial Intelligence platform.
Stars: ✭ 5,489 (+849.65%)
Mutual labels:  open-source

Privileges.app

Description

Privileges.app for macOS is designed to allow users to work as a standard user for day-to-day use, by providing a quick and easy way to get administrator rights when needed. When you do need admin rights, you can get them by clicking on the Privileges icon in your Dock.

We believe all users, including all developers, can benefit from using Privileges.app. Working as a standard user instead of an administrator adds another layer of security to your Mac and is considered a security best practice. Privileges.app helps enable users to act as administrators of the system only when required.

Requirements

Privileges supports the following macOS versions:

  • macOS 10.12.x
  • macOS 10.13.x
  • macOS 10.14.x
  • macOS 10.15.x
  • macOS 11.0.x

Installation

  1. Log into your Mac using an account with admin privileges

  2. Download Privileges.app.

  3. Copy Privileges.app to to the Applications folder on your Mac.




  1. Launch Privileges.app and click the Remove Privileges button.

  1. Install the helper tool when prompted.

The logged-in account should now be a standard user account.

Note: To use all of Privileges.app's functions, we recommend adding Privileges.app to the dock.

Using Privileges.app

If you are a standard user and want admin rights, verify that Privileges.app is installed then use the following procedure:

  1. Launch Privileges.app
  2. Click the Request Privileges button.
  3. The Privileges dock icon should change to look like a yellow unlocked padlock.
  4. A Privileges have been changed successfully message should appear.

5. The logged-in account should now have admin rights.

If you are a admin user and want to remove admin rights, verify that Privileges.app is installed then use the following procedure:

  1. Launch Privileges.app.
  2. Click the Remove Privileges button.
  3. The Privileges dock icon should change to look like a green locked padlock.
  4. A Privileges have been changed successfully message should appear.

5. The logged-in account should now be a standard user account.

Helper Tools

The following helper tools are installed to allow Privileges.app the necessary access rights to grant or remove admin rights:

/Library/PrivilegedHelperTools/corp.sap.privileges.helper



/Library/LaunchDaemons/corp.sap.privileges.helper.plist



For more information on privilege elevation using a privileged helper app and LaunchDaemon, please see the link below:

https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/AccessControl.html

Frequently Asked Questions

Why does the icon for Privileges.app change colors in the Dock?

This is by design. The icon is green and displays a locked padlock icon when you are a standard user.


Dock icon for macOS Catalina and earlier:


Dock icon for macOS Big Sur:


The icon is yellow and displays an unlocked padlock icon when you are an administrator.


Dock icon for macOS Catalina and earlier:


Dock icon for macOS Big Sur:


By default, is there a time limit on the admin rights granted by Privileges.app?

No. Admin rights are granted until some process (like running Privileges.app again) takes them away.

Can I set Privileges.app to give me administrator rights for a defined amount of time?

Yes. You can use the Toggle Privileges option on the dock icon to get admin rights for a set amount of time (the default amount is 20 minutes.)





To set the amount of time used by the Toggle Privileges option, use the following procedure:

  1. Launch Privileges.app
  2. Click on the Privileges menu and select Preferences
  3. Select the desired amount of time from the available options.

What actions do the Lock Screen and Login Window toggle options perform?

The Lock Screen toggle option locks your screen.



The Login Window toggle option returns you to the Login Window without logging you out.



How do I use Privileges.app in a script or from the command line?

Privileges.app supports command line use. To use the PrivilegesCLI command line tool, run /Applications/Privileges.app/Contents/Resources/PrivilegesCLI followed by the option you want to use.

The PrivilegesCLI command line tool currently supports the following options:

  • /Applications/Privileges.app/Contents/Resources/PrivilegesCLI --add : Adds the logged-in user to the admin group.

  • /Applications/Privileges.app/Contents/Resources/PrivilegesCLI --remove : Removes the logged-in user from the admin group.

  • /Applications/Privileges.app/Contents/Resources/PrivilegesCLI --status : Displays the current user's privileges.

For assistance, please run the following command to display all available options:

/Applications/Privileges.app/Contents/Resources/PrivilegesCLI

How do I access logs for Privileges.app?

Privileges.app uses the system log for logging. To see all logs for Privileges.app in the Console app, you can filter for the corp.sap.privileges.helper process.

To see only the logging associated with changing admin rights in the Console app, you can filter for log messages containing SAPCorp.

To access the same logs from the command line, the log command can be used. To see all logs for Privileges.app using the log command, the following command can be used:

log show --style syslog --predicate 'process == "corp.sap.privileges.helper"'

To see only the logging associated with changing admin rights, the following command can be used:

log show --style syslog --predicate 'process == "corp.sap.privileges.helper" && eventMessage CONTAINS "SAPCorp"'

How do I uninstall Privileges.app?

  1. Ensure that your user account has admin rights. If needed, launch Privileges.app one final time to make sure you have them.
  2. Remove the following files:
  • /Applications/Privileges.app

  • /Library/PrivilegedHelperTools/corp.sap.privileges.helper

  • /Library/LaunchDaemons/corp.sap.privileges.helper.plist

Application Management

As of Privileges 1.5.0, it is possible to manage settings for Privileges.app or the PrivilegesCLI command line tool using a macOS configuration profile. For more details, please click here.

Support

This project is 'as-is' with no support, no changes being made. You are welcome to make changes to improve it but we are not available for questions or support of any kind.

Security

Found a security-related issue or vulnerability and want to notify us? Please contact us at [email protected]

License

Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, Version 2.0 except as noted in the LICENSE file.

SUBCOMPONENTS

This project includes the following Apple EvenBetterAuthorizationSample sample code, which is subject to separate license terms. Your use of the code included in this project is subject to the separate license terms applicable to the Apple sample license code.

For more details, please see the the LICENSE file.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].