Required - API Role - Minimum Privileges Required

[blakeusblade]

It would be good to have published the minimum privileges required in jamf pro for (API Roles and Clients). Currently, I've just enabled "Send Computer Remote Command to Download and Install OS X Update"

[blakeusblade]

Additionally, with v4beta1... Based on the WARNING I got in the logs... I removed the below installation parameters (soon to be deprecated I assume).

--auth-jamf-account=AccountName --auth-jamf-password=Password

and setup an "API Role and Client" (Mentioned above in the main post)

Added the below into my installation parameters --auth-jamf-client=ClientID --auth-jamf-secret=ClientSecret

In doing so, I get the following in the super logs when super attempts installation. Error: Unable to validate Jamf Pro API software update workflow type. Verify that the provided Jamf Pro credentials has appropriate privledges: Error: Failed to validate Jamf Pro API configuration

[blakeusblade]

Ok... Solved my issue...

One MUST add the below privileges to the API role (much in the same way one does to the old API account).(In my case, I'm using a config profile to obtain the JamfProID, so Computers Read/Create are Not needed)

Update Managed Software Updates Read Managed Software Updates Create Managed Software Updates Send Computer Remote Command to Download and Install OS X Update

[master-vodawagner]

Yep, I was going to say the permissions were in the wiki, you just needed to add each component into the Roles and client section individually

[Macjutsu]

A few things here....

• I haven't had time to update the Wiki for v4, but it's a priority.
• Until then the Changelog documentation is accurate.
• In the Changelog you'll find the required API permissions.