Uploading Privileges 1.5.0 source code and documentation

Uploading Privileges 1.5.0 source code, updated documentation and new example management profiles.

application_management/README.md

@@ -1,6 +1,6 @@
 # Managing Privileges
 
-As of Privileges 1.0.5, it is possible to manage the following settings for **Privileges.app** or the **PrivilegesCLI** command line tool:
+As of Privileges 1.5.0, it is possible to manage the following settings for **Privileges.app** or the **PrivilegesCLI** command line tool:
 
 Preference domain: **corp.sap.privileges**
 
@@ -24,10 +24,152 @@ Description: Enforces certain privileges. Whenever **Privileges.app** or the **P
 * **user**: standard user rights are always set by Privileges.
 * **none**: **Privileges.app** and the **PrivilegesCLI** command line tool are disabled and it is not possible to change user privileges using these tools.
 
-Example configuration profiles are available via the link below:
+
+Key: **LimitToGroup**
+
+Value: a string containing the name of a specified group
+
+*Note: This is a string value.*
+
+Description: Limits the usage of **Privileges.app** to the given user group. 
+
+
+Key: **LimitToUser**
+
+Value: a string containing a specified user account's short name
+
+*Note: This is a string value.*
+
+Description: Limits the usage of **Privileges.app** to the given user account. 
+
+*Note: If used with a client management system that supports variables in configuration profiles, variables like `$USERNAME` may be used here.*
+
+
+
+
+Key: **ReasonRequired**
+
+Value: `true` or `false`
+
+*Note: This is a boolean value.*
+
+Accompanying Key: **ReasonMinLength**
+
+Value: **Integer**
+
+
+Description: If `ReasonRequired` is set to `true`, the user must provide a reason for needing admin rights. 
+
+If using `ReasonRequired`, then the `ReasonMinLength` key must also be set. The `ReasonMinLength` key specifies the minimum number of characters the user has to enter as the reason for becoming an admin. If not set, the value defaults to 10. The text field is limited to amaximum of 100 characters, so values greater than 100 have no effect.
+
+*Note: If setting `ReasonRequired`, the `Toggle Privilges` option is automatically disabled.*
+
+
+
+Key: **RemoteLogging**
+
+Value: A dictionary array containing the relevant server information
+
+
+Accompanying Key: **ServerType**
+
+Value: a string specifying the type of the logging server
+
+*Note: This is a string value. As of now, `syslog` is the only supported value. Others may be supported in future releases.*
+
+Accompanying Key: **ServerAddress**
+
+Value: a string specifying the address of the logging server
+
+*Note: This is a string value. This will usually be an IP address, unless the syslog server is set up to respond using a DNS hostname.*
+
+Accompanying Key: **ServerPort**
+
+Value: **Integer**
+
+*Note: This is an integer specifying the port of the logging server. By default, port 514 is used.*
+
+
+Accompanying Key: **EnableTCP**
+
+Value: `true` or `false`
+
+*Note: This is a boolean value. If set to true, the log messages are sent via TCP instead of UDP. By default, messages are sent via UDP.*
+
+Accompanying Key: **EnableTCP**
+
+Value: `true` or `false`
+
+*Note: This is a boolean value. If set to true, the log messages are sent via TCP instead of UDP. By default, messages are sent via UDP.*
+
+Accompanying Key: **SyslogOptions**
+
+Value: a dictionary containing syslog-specific options.
+
+Please see [https://tools.ietf.org/html/rfc5424#section-6.1 ](https://tools.ietf.org/html/rfc5424#section-6.1 )
+for further information on the options used in the `SyslogOptions` key.
+
+```
+key: LogFacility
+value: an integer specifying the syslog facility
+
+key: LogSeverity
+value: an integer specifying the syslog severity
+
+If not specified, facility defaults to 4 (security) and severity defaults to 6 (informational). Please see https://tools.ietf.org/html/rfc5424#section-6.2.1 for further information.
+
+key: MaximumMessageSize
+value: an integer specifying the maximum size of the  syslog message (header + event message)
+
+If not specified, the value defaults to 480 which is the 
+minimum maximum message size a syslog server must support.
+If the syslog message is larger than the specified maximum,
+the message will be truncated at the end.
+```
+
+
+
+
+
+
+
+Description: If `RemoteLogging` is used, this will send the logging for **Privileges.app** to a remote syslog server. 
+
+If using `RemoteLogging`, then the following subsidiary keys must also be set:
+
+* `ServerType`
+* `ServerAddress`
+* `ServerPort`
+* `EnableTCP`
+* `SyslogOptions`
+* `LogFacility`
+* `LogSeverity`
+* `MaximumMessageSize`
+
+
+
+Key: **RequireAuthentication**
+
+Value: a string containing a specified user account's short name
+
+Value: `true` or `false`
+
+*Note: This is a boolean value.*
+
+Description: Requires authentication before using  **Privileges.app**. If set to `true`, the logged-in user is prompted to authenticate via Touch ID or by entering their account password. 
+
+
+
+
+Example configuration profiles are available via the links below:
 
 * [Privileges DockToggleTimeout macOS Configuration Profile](example_profiles/DockToggleTimeout/Example_DockToggleTimeout.mobileconfig)
 * [Privileges EnforcePrivileges macOS Configuration Profile](example_profiles/EnforcePrivileges/Example_EnforcePrivileges.mobileconfig)
+* [Privileges LimitToGroup macOS Configuration Profile](example_profiles/LimitToGroup/Example_LimitToGroup.mobileconfig)
+* [Privileges LimitToUser macOS Configuration Profile](example_profiles/LimitToUser/Example_LimitToUser.mobileconfig)
+* [Privileges ReasonRequired macOS Configuration Profile](example_profiles/ReasonRequired/Example_ReasonRequired.mobileconfig)
+* [Privileges RemoteLogging macOS Configuration Profile](example_profiles/RemoteLogging/Example_RemoteLogging.mobileconfig)
+* [Privileges RequireAuthentication macOS Configuration Profile](example_profiles/RequireAuthentication/Example_RequireAuthentication.mobileconfig)
 
 
 Dock Icon

application_management/example_profiles/LimitToGroup/Example_LimitToGroup.mobileconfig

@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadContent</key>
+			<dict>
+				<key>corp.sap.privileges</key>
+				<dict>
+					<key>Forced</key>
+					<array>
+						<dict>
+							<key>mcx_preference_settings</key>
+							<dict>
+  								<!--
+                                    key: LimitToGroup
+                                    value: a string containing the name of the group
+                                    
+                                    Limits the usage of the app to the given user group.
+                                -->
+								<key>LimitToGroup</key>
+								<string>group_name_goes_here</string>
+							</dict>
+						</dict>
+					</array>
+				</dict>
+			</dict>
+			<key>PayloadDescription</key>
+			<string/>
+			<key>PayloadDisplayName</key>
+			<string>Privileges configuration</string>
+			<key>PayloadEnabled</key>
+			<true/>
+			<key>PayloadIdentifier</key>
+			<string>com.apple.ManagedClient.preferences.36132147-235E-4663-ADA8-2664C67C4DD2</string>
+			<key>PayloadOrganization</key>
+			<string>SAP SE</string>
+			<key>PayloadType</key>
+			<string>com.apple.ManagedClient.preferences</string>
+			<key>PayloadUUID</key>
+			<string>36132147-235E-4663-ADA8-2664C67C4DD2</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>Configures the Privileges app.</string>
+	<key>PayloadDisplayName</key>
+	<string>Privileges configuration</string>
+	<key>PayloadEnabled</key>
+	<true/>
+	<key>PayloadIdentifier</key>
+	<string>CF401A42-35CA-4DA6-9123-5A49C87ECB5A</string>
+	<key>PayloadOrganization</key>
+	<string>SAP SE</string>
+	<key>PayloadRemovalDisallowed</key>
+	<true/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>50870D16-7AAD-478B-BFFE-BED09499F7E0</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>

application_management/example_profiles/LimitToUser/Example_LimitToUser.mobileconfig

@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadContent</key>
+			<dict>
+				<key>corp.sap.privileges</key>
+				<dict>
+					<key>Forced</key>
+					<array>
+						<dict>
+							<key>mcx_preference_settings</key>
+							<dict>
+                                <!--
+                                    key: LimitToUser
+                                    value: a string containing the user's short name
+                                    
+                                    Limits the usage of the app to the given user. If used with a client management
+                                    system that supports variables in configuration profiles, variables like
+                                    $USERNAME may be used here.
+                                -->
+                                <key>LimitToUser</key>
+  								<string>username_goes_here</string>
+							</dict>
+						</dict>
+					</array>
+				</dict>
+			</dict>
+			<key>PayloadDescription</key>
+			<string/>
+			<key>PayloadDisplayName</key>
+			<string>Privileges configuration</string>
+			<key>PayloadEnabled</key>
+			<true/>
+			<key>PayloadIdentifier</key>
+			<string>com.apple.ManagedClient.preferences.36132147-235E-4663-ADA8-2664C67C4DD2</string>
+			<key>PayloadOrganization</key>
+			<string>SAP SE</string>
+			<key>PayloadType</key>
+			<string>com.apple.ManagedClient.preferences</string>
+			<key>PayloadUUID</key>
+			<string>36132147-235E-4663-ADA8-2664C67C4DD2</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>Configures the Privileges app.</string>
+	<key>PayloadDisplayName</key>
+	<string>Privileges configuration</string>
+	<key>PayloadEnabled</key>
+	<true/>
+	<key>PayloadIdentifier</key>
+	<string>CF401A42-35CA-4DA6-9123-5A49C87ECB5A</string>
+	<key>PayloadOrganization</key>
+	<string>SAP SE</string>
+	<key>PayloadRemovalDisallowed</key>
+	<true/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>50870D16-7AAD-478B-BFFE-BED09499F7E0</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>

application_management/example_profiles/ReasonRequired/Example_ReasonRequired.mobileconfig

@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadContent</key>
+			<dict>
+				<key>corp.sap.privileges</key>
+				<dict>
+					<key>Forced</key>
+					<array>
+						<dict>
+							<key>mcx_preference_settings</key>
+							<dict>
+  								<!--
+                                    key: ReasonRequired
+                                    value: a boolean
+                                    
+                                    If set to true, the user must provide a reason for needing admin rights.
+                                    The reason will be logged.
+                                -->
+								<key>ReasonRequired</key>
+								<true/>
+								<!--
+                                    key: ReasonMinLength
+                                    value: a positive integer
+                                    
+                                    If "ReasonRequired" is set to true, this key specifies the minimum number 
+                                    of characters the user has to enter as the reason for becoming an admin.
+                                    If not set, the value defaults to 10. The text field is limited to a
+                                    maximum of 100 characters, so values greater than 100 have no effect.
+                                    Please be aware that enabling this option, disables the "Toggle Privileges"
+                                    entry in the Privileges Dock tile menu.
+                                -->
+                                <key>ReasonMinLength</key>
+								<integer>5</integer>
+							</dict>
+						</dict>
+					</array>
+				</dict>
+			</dict>
+			<key>PayloadDescription</key>
+			<string/>
+			<key>PayloadDisplayName</key>
+			<string>Privileges configuration</string>
+			<key>PayloadEnabled</key>
+			<true/>
+			<key>PayloadIdentifier</key>
+			<string>com.apple.ManagedClient.preferences.36132147-235E-4663-ADA8-2664C67C4DD2</string>
+			<key>PayloadOrganization</key>
+			<string>SAP SE</string>
+			<key>PayloadType</key>
+			<string>com.apple.ManagedClient.preferences</string>
+			<key>PayloadUUID</key>
+			<string>36132147-235E-4663-ADA8-2664C67C4DD2</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>Configures the Privileges app.</string>
+	<key>PayloadDisplayName</key>
+	<string>Privileges configuration</string>
+	<key>PayloadEnabled</key>
+	<true/>
+	<key>PayloadIdentifier</key>
+	<string>CF401A42-35CA-4DA6-9123-5A49C87ECB5A</string>
+	<key>PayloadOrganization</key>
+	<string>SAP SE</string>
+	<key>PayloadRemovalDisallowed</key>
+	<true/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>50870D16-7AAD-478B-BFFE-BED09499F7E0</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>