SAP / macOS-enterprise-privileges

For Mac users in enterprise environments, this application gives users control over the administration of their machine by elevating their level of access to administrator privileges on macOS. Users can set a timeframe in the application's settings to perform specific tasks, such as installing or removing an application.
Apache License 2.0

DockToggleTimeout not working #18

Closed dvickery closed 3 years ago

dvickery commented 3 years ago

I've been using this app in a VM with no MDM solution applied and while some features seem fine, I cannot get the automatic downgrade to work. The Profile is not signed. Manual promotions and removals work fine, but the timer option doesn't. I've checked the logs in Monitor and this section stands out:

default 15:33:55.125403+0100 runningboardd Invalidating assertion 168-111-281 (target:[app<application.corp.sap.privileges.12884983020.12884983032(501)>:629]) from originator [daemon:111]
default 15:33:55.179244+0100 runningboardd [app<application.corp.sap.privileges.12884983020.12884983032(501)>:629] termination reported by launchd (0, 0, 0)
default 15:33:55.179322+0100 runningboardd Removing process: [app<application.corp.sap.privileges.12884983020.12884983032(501)>:629]
default 15:33:55.179852+0100 runningboardd Removing launch job for: [app<application.corp.sap.privileges.12884983020.12884983032(501)>:629]
default 15:33:55.180449+0100 runningboardd Removed job for [app<application.corp.sap.privileges.12884983020.12884983032(501)>:629]
default 15:33:55.180660+0100 runningboardd Removing assertions for terminated process: [app<application.corp.sap.privileges.12884983020.12884983032(501)>:629]
default 15:33:55.181035+0100 runningboardd Removed last relative-start-date-defining assertion for process app<application.corp.sap.privileges.12884983020.12884983032(501)>
default 15:33:55.197094+0100 runningboardd Calculated state for app<application.corp.sap.privileges.12884983020.12884983032(501)>: none (role: None)
default 15:33:55.197527+0100 runningboardd Calculated state for app<application.corp.sap.privileges.12884983020.12884983032(501)>: none (role: None)
default 15:33:55.223793+0100 NotificationCenter [corp.sap.privileges:F7C62902] updating existing notification with content from F7C62902
error 15:33:55.234003+0100 runningboardd RBSStateCapture remove item called for untracked item 168-111-281 (target:[app<application.corp.sap.privileges.12884983020.12884983032(501)>:629])
default 15:33:55.255491+0100 launchservicesd Hit the server for a process handle 74d2a0a00000275 that resolved to: [app<application.corp.sap.privileges.12884983020.12884983032(501)>:629]
default 15:33:55.261993+0100 loginwindow -[PersistentAppsSupport applicationQuit:] | for app:Privileges, _appTrackingState = 2
default 15:33:55.262021+0100 loginwindow -[PersistentAppsSupport applicationQuit:] | App: Privileges, quit, updating active tracking timer
default 15:34:05.142209+0100 corp.sap.privileges.helper Entering exit handler.
default 15:34:05.142273+0100 corp.sap.privileges.helper Exiting exit handler.

I assume the "Removing launch job" line is why the downgrade of rights never happens, but I don't know what the invalidation assertion is all about. Can anyone help?

rtrouton commented 3 years ago

Are you using the Toggle privileges command?

https://github.com/SAP/macOS-enterprise-privileges/wiki/Frequently-Asked-Questions#can-i-set-privileges-to-give-me-administrator-rights-for-a-defined-amount-of-time

The reason I'm asking is that DockToggleTimeout only manages that:

Set a fixed timeout, in minutes, for the Dock tile's Toggle Privileges command. After this time, the admin rights are removed and set back to standard user rights. A value of 0 disables the timeout and allows the user to permanently toggle privileges.

dvickery commented 3 years ago

Ah. No, I missed that connection. OK, yes, toggle does respect the timer value, but not when using the default click to elevate. I understand the difference now. Thank you for the quick response.
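
Added example (not part of the original thread and not the project's own code): a small audit that reads an unsigned configuration profile and reports how DockToggleTimeout is set, following the semantics quoted above (minutes, 0 disables the timeout, Dock tile Toggle Privileges command only). The payload type `corp.sap.privileges`, the function name and the sample profile are assumptions made for this illustration.

```python
import plistlib

# Assumption: the Privileges payload is identified by PayloadType
# "corp.sap.privileges" (the bundle identifier visible in the log lines above).
PRIVILEGES_DOMAIN = "corp.sap.privileges"

# Constructed sample of an unsigned configuration profile (not from the thread).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>corp.sap.privileges</string>
    <key>DockToggleTimeout</key><integer>20</integer>
  </dict></array>
</dict></plist>"""


def audit_dock_toggle_timeout(profile_bytes):
    """Return (status, detail) for DockToggleTimeout in an unsigned profile."""
    try:
        profile = plistlib.loads(profile_bytes)
    except Exception:
        # A signed profile is CMS-wrapped and must be unwrapped before parsing.
        return ("unreadable", "not a plain plist (signed or malformed profile)")
    if not isinstance(profile, dict):
        return ("unreadable", "top-level object is not a dictionary")
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == PRIVILEGES_DOMAIN]
    if not payloads:
        return ("no-payload", "no payload for " + PRIVILEGES_DOMAIN)
    value = payloads[0].get("DockToggleTimeout")
    if value is None:
        return ("unset", "DockToggleTimeout key is absent")
    # bool is a subclass of int in Python; <true/> is not a minute count.
    if isinstance(value, bool) or not isinstance(value, int) or value < 0:
        return ("invalid", f"expected a non-negative integer, got {value!r}")
    if value == 0:
        return ("disabled", "0 disables the timeout; toggled rights stay until toggled back")
    return ("enforced", f"Dock tile Toggle Privileges reverts to standard user after {value} min")


if __name__ == "__main__":
    print(audit_dock_toggle_timeout(SAMPLE_PROFILE))
```

An "enforced" result covers only the Dock tile's Toggle Privileges command, which is the distinction the thread settles on.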