Open dherder opened 1 month ago
Dave: Chocolatey allows the user to install the thing but the user has to be an admin.
UPDATE: Dave: This^ is wrong. End user can install software via Chocolatey if they're a not an admin.
Dave: So, if the customer doesn't want to give the user admin access then self-service works for the 80% of use cases. But it makes the 20% difficult.
TODO @noahtalerman schedule call w/ Dave to chat
Problem
In many cases, end users are not admins of their devices. We have the FR for Self service, but allowing an app to install from the self service portal should also allow for temporary elevation of credentials across OS platforms, and also independent of whether or not an app is being installed.
If an application is not broadly distributed in an organization, end users can request to run the software, and administrators can approve it, applying elevation simultaneously. For applications that require elevation only to install or update, create time-based policies that will remove elevated rights once the time expires, allowing the application to run with regular privileges.