What are the exact permissions that MUT needs?

[bp88]

What are the exact permissions that MUT needs? I've provided limited READ and UPDATE permissions on the Jamf account we're using and we continually get the following 409 failure when uploading the Computer template CSV. To test things out, the CSV only contains one record where the PO Number and PO Date are being updated.

We're using MUT v6.0.0.

If it makes any difference, I've tried cloning the Jamf account. I've tried re-saving the Jamf account. I've tried playing with some of the basic permissions the account has.

I've been reviewing older issues and posts on Jamf Nation with no solution.

2022-06-24 06:47:54 [INFO  ]: Beginning CSV Parse - Attributes update.
2022-06-24 06:47:54 [INFO  ]: Attempting to GET the Jamf Pro Version from the API.
2022-06-24 06:47:54 [INFO  ]: Successful GET completed. 200.
2022-06-24 06:47:54 [INFO  ]: Jamf Pro Version: 10.38.3-t1653338998
2022-06-24 06:47:54 [INFO  ]: Submitting a PUT to https://jss.url/JSSResource/computers/serialnumber/ABC123DE45
2022-06-24 06:47:54 [ERROR ]: Failed PUT. 409.
2022-06-24 06:47:54 [ERROR ]: <html>
<head>
   <title>Status page</title>
</head>
<body style="font-family: sans-serif;">
<p style="font-size: 1.2em;font-weight: bold;margin: 1em 0px;">Conflict</p>
<p>Error: Not authorized for a user PUT</p>
<p>You can get technical details <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.10">here</a>.<br>
Please continue your visit at our <a href="/">home page</a>.
</p>
</body>
</html>

[bp88]

Looks like the following is needed:

• Advanced Computer Searches: Read
• API Integrations: Read
• Computer Extension Attributes: Read, Update
• Computer PreStage Enrollments: Read, Update
• Computers: Read, Update
• Mobile Device Extensions Attributes: Read, Update
• Mobile Device Managed App Configurations: Read, Update
• Mobile Devices: Read, Update
• Smart Computer Groups: Read
• Smart Mobile Device Groups: Read
• Static Computer Groups: Read, Update
• Static Mobile Device Groups: Read, Update

The missing one which I still don't understand why it fixes the issue:

• Users: Update

Hope this helps someone who may be running into this error.

[mike-levenick]

@bp88 You've got it exactly. Update permissions on Users is an odd one.

Here's a document from Jamf that explains the various permissions needed to perform various tasks. https://developer.jamf.com/jamf-pro/docs/classic-api-minimum-required-privileges-and-endpoint-mapping

From that page:

/computers/id/{id} | POST Create - Computers Create - Users

/computers/id/{id} | PUT Update - Computers Update - Users

I have plans to document exactly what permissions are required to perform various tasks in MUT, but have not gotten around to it yet.