Allow services that are denied in the TCC database.
For devices under management, there are some User Consent items that cannot be allowed even with PPPC.
If you have not granted administrators, the end user cannot change the access rights of some applications in the [System Preferences] > [Security & Privacy] > [Privacy] UI.
Therefore, I have created a script to force the User Consent item to be allowed.
- Full disk access
- This script reads TCC database
- macOS 10.14 Mojave or later
The script will require two arguments.
./TCC-Permitter.sh <bundle-id or binary path> <TCC service name>
If you want to allow camera of zoom app, you should run the following command:
./TCC-Permitter.sh "us.zoom.xos" "Camera"
- Upload this script to Jamf Pro.
- Create new policy with the script.
- Set arguments for the script.
- Bundle ID or Binary path
- TCC service name
If you want to allow camera of zoom app, the setting will look like the image below.
If you want to get the bundle ID of the target application, the following command may be of help.
mdls -name kMDItemCFBundleIdentifier -r /Applications/zoom.us.app
And if you want to check the current status of the TCC database, the following command may be of help.
sqlite3 -header "$HOME/Library/Application Support/com.apple.TCC/TCC.db" "SELECT service, client, allowed FROM access"
You can specify one of the following list It is case-insensitive.
If you want to specify more than one, you can use comma-separated values like:
./TCC-Permitter.sh "us.zoom.xos" "Camera,Microphone,ScreenCapture"
- Accessibility
- AddressBook
- All
- AppleEvents
- BluetoothAlways
- BluetoothPeripheral
- BluetoothWhileInUse
- Calendar
- Calls
- Camera
- ContactsFull
- ContactsLimited
- DeveloperTool
- FaceID
- FileProviderDomain
- FileProviderPresence
- KeyboardNetwork
- ListenEvent
- Liverpool
- Location
- Gone by 11.0
- MSO
- MediaLibrary
- Microphone
- Motion
- Photos
- PhotosAdd
- PostEvent
- Reminders
- ScreenCapture
- SensorKitAmbientLightSensor
- SensorKitDeviceUsage
- SensorKitElevation
- SensorKitForegroundAppCategory
- SensorKitKeyboardMetrics
- SensorKitLocationMetrics
- SensorKitMessageUsage
- SensorKitMotion
- SensorKitMotionHeartRate
- SensorKitOdometer
- SensorKitPedometer
- SensorKitPhoneUsage
- SensorKitSpeechMetrics
- SensorKitStrideCalibration
- SensorKitWatchAmbientLightSensor
- SensorKitWatchFallStats
- SensorKitWatchForegroundAppCategory
- SensorKitWatchHeartRate
- SensorKitWatchMotion
- SensorKitWatchOnWristState
- SensorKitWatchPedometer
- SensorKitWatchSpeechMetrics
- ShareKit
- SinaWeibo
- Siri
- SpeechRecognition
- SystemPolicyAllFiles
- SystemPolicyDesktopFolder
- SystemPolicyDeveloperFiles
- SystemPolicyDocumentsFolder
- SystemPolicyDownloadsFolder
- SystemPolicyNetworkVolumes
- SystemPolicyRemovableVolumes
- SystemPolicySysAdminFiles
- TencentWeibo
- Ubiquity
- Willow