update privileges mobileconfig for 2.0.0

jlaundry · Nov 25, 2024 · 248fb4f · 248fb4f
1 parent ca24365
commit 248fb4f
Showing 1 changed file with 69 additions and 53 deletions.
diff --git a/macos/Privileges/com.jlaundry.privileges.mobileconfig b/macos/Privileges/com.jlaundry.privileges.mobileconfig
@@ -14,65 +14,23 @@
 							<dict>
 								<key>mcx_preference_settings</key>
 								<dict>
-									<!--
-									key: DockToggleMaxTimeout
-									value: a positive integer
-									
-									Set a maximum timeout for the Dock tile's "Toggle Privileges" command. This
-									generally works the same way as the "DockToggleTimeout" but allows the user
-									to choose every timeout value up to the one specified. So if the admin would
-									set "DockToggleMaxTimeout" to 20 minutes, the user may decide to set it to
-									a value below 20 instead of being forced to use the 20 minute timeout. With 
-									regards to user experience we recommend to use "DockToggleMaxTimeout" instead
-									of "DockToggleTimeout". if "DockToggleMaxTimeout" and "DockToggleTimeout" 
-									have been set, the fixed value of "DockToggleTimeout" takes precedence over 
-									"DockToggleMaxTimeout".
-									-->
-									<key>DockToggleMaxTimeout</key>
-									<integer>15</integer>
+									<!-- see: https://github.com/SAP/macOS-enterprise-privileges/wiki/Managing-Privileges -->
+									<key>RevokePrivilegesAtLogin</key>
+									<true/>
+									<key>ExpirationIntervalMax</key>
+									<integer>60</integer>
+
+									<key>RequireAuthentication</key>
+									<true/>
+									<key>AllowCLIBiometricAuthentication</key>
+									<true/>
 
-									<!--
-									key: ReasonRequired
-									value: a boolean
-									
-									If set to true, the user must provide a reason for needing admin rights.
-									The reason will be logged.
-									-->
 									<key>ReasonRequired</key>
 									<true />
-									<!--
-									key: ReasonMinLength
-									value: a positive integer below 100
-									
-									If "ReasonRequired" is set to true, this key specifies the minimum number 
-									of characters the user has to enter as the reason for becoming an admin.
-									If not set, the value defaults to 10. The text field is limited to a
-									maximum of 100 characters, so values greater than 100 have no effect.
-									Please be aware that enabling this option, disables the "Toggle Privileges"
-									entry in the Privileges Dock tile menu.
-									-->
 									<key>ReasonMinLength</key>
 									<integer>8</integer>
-									<!--
-									key: ReasonMaxLength
-									value: a positive integer below 100
-									
-									If "ReasonRequired" is set to true, this key specifies the maximum number
-									of characters the user can enter as the reason for becoming an admin.
-									If not set, the value defaults to 100. If a value > 100 is specified or
-									if "ReasonMaxLength" is <= "ReasonMinLength", the value is set to default.
-						  			-->
 									<key>ReasonMaxLength</key>
 									<integer>40</integer>
-									<!--
-									key: ReasonPresetList
-									value: an array of strings
-									
-									If "ReasonRequired" is set to true, this key allows to pre-define a list
-									of possible reasons (for becoming an admin) the user can choose from. If
-									set, an additional pop-up menu will appear in the dialog box. This only
-									works for the GUI version of Privileges.
-									-->
 									<key>ReasonPresetList</key>
 									<array>
 										<dict>
@@ -108,8 +66,66 @@
 				<key>PayloadUUID</key>
 				<string>8436814F-858D-4875-8552-4263D70478E2</string>
 				<key>PayloadVersion</key>
+				<integer>2</integer>
+			</dict>
+			<dict>
+				<key>NotificationSettings</key>
+				<array>
+					<dict>
+						<key>AlertType</key>
+						<integer>1</integer>
+						<key>BadgesEnabled</key>
+						<false/>
+						<key>BundleIdentifier</key>
+						<string>corp.sap.privileges.agent</string>
+						<key>NotificationsEnabled</key>
+						<true/>
+						<key>ShowInLockScreen</key>
+						<false/>
+						<key>ShowInNotificationCenter</key>
+						<false/>
+						<key>SoundsEnabled</key>
+						<false/>
+					</dict>
+				</array>
+				<key>PayloadDisplayName</key>
+				<string>Privileges Notifications Payload</string>
+				<key>PayloadIdentifier</key>
+				<string>com.apple.notificationsettings.82F3A882-88ED-4B92-8A03-332A9874FDD0</string>
+				<key>PayloadOrganization</key>
+				<string>SAP SE</string>
+				<key>PayloadType</key>
+				<string>com.apple.notificationsettings</string>
+				<key>PayloadUUID</key>
+				<string>82F3A882-88ED-4B92-8A03-332A9874FDD0</string>
+				<key>PayloadVersion</key>
 				<integer>1</integer>
 			</dict>
+			<dict>
+				<key>PayloadDisplayName</key>
+				<string>Privileges Service Management Payload</string>
+				<key>PayloadIdentifier</key>
+				<string>com.apple.servicemanagement.AD895F7A-40F5-454A-B70F-6AA00C3738CF</string>
+				<key>PayloadOrganization</key>
+				<string>SAP SE</string>
+				<key>PayloadType</key>
+				<string>com.apple.servicemanagement</string>
+				<key>PayloadUUID</key>
+				<string>AD895F7A-40F5-454A-B70F-6AA00C3738CF</string>
+				<key>PayloadVersion</key>
+				<integer>1</integer>
+				<key>Rules</key>
+				<array>
+					<dict>
+						<key>Comment</key>
+						<string>Approves Privileges and its components</string>
+						<key>RuleType</key>
+						<string>TeamIdentifier</string>
+						<key>RuleValue</key>
+						<string>7R5ZEU67FQ</string>
+					</dict>
+				</array>
+			</dict>
 		</array>
 		<key>PayloadDescription</key>
 		<string>Configures the Privileges app</string>
@@ -130,6 +146,6 @@
 		<key>PayloadUUID</key>
 		<string>C2F39834-001F-4930-AC7D-E5BA0DE82529</string>
 		<key>PayloadVersion</key>
-		<integer>1</integer>
+		<integer>4</integer>
 	</dict>
 </plist>