BIG-RAT
commented
1 year ago Nice catch, and unfortunately this looks to be an issue with the API as scoped users, smart user groups, and static user groups information is missing when you view a policy through the API. For example here is a policy and configuration policy scoped exactly the same. policy (scope) xml:
<scope>
<all_computers>false</all_computers>
<computers/>
<computer_groups>
<computer_group>
<id>172</id>
<name>laptops</name>
</computer_group>
</computer_groups>
<buildings/>
<departments/>
<limit_to_users>
<user_groups/>
</limit_to_users>
<limitations>
<users/>
<user_groups/>
<network_segments/>
<ibeacons/>
</limitations>
<exclusions>
<computers/>
<computer_groups/>
<buildings/>
<departments/>
<users/>
<user_groups/>
<network_segments/>
<ibeacons/>
</exclusions>
</scope>Configuration Profile (scope) xml:
<scope>
<all_computers>false</all_computers>
<all_jss_users>false</all_jss_users>
<computers/>
<buildings/>
<departments/>
<computer_groups>
<computer_group>
<id>172</id>
<name>laptops</name>
</computer_group>
</computer_groups>
<jss_users/>
<jss_user_groups>
<user_group>
<id>2</id>
<name>Group 1</name>
</user_group>
<user_group>
<id>27</id>
<name>Test Smart Grp</name>
</user_group>
</jss_user_groups>
<limitations>
<users/>
<user_groups/>
<network_segments/>
<ibeacons/>
</limitations>
<exclusions>
<computers/>
<buildings/>
<departments/>
<computer_groups/>
<users/>
<user_groups/>
<network_segments/>
<ibeacons/>
<jss_users/>
<jss_user_groups/>
</exclusions>
</scope>Notice the policy is missing the jss_users and jss_user_groups keys. I might suggest openning a ticket with Jamf Support to get the issue addressed.
gtdragon980
When using Prune to scan policies in the JSS, it will not consider policies that are using static user scopes as being "In Use". I saw several enabled and scoped policies in the "Unused" list of policies when testing this.