jamf / scout-public

A tool to aggregate devices across multiple MDM servers
GNU General Public License v3.0

Users without "Create"/"Edit" permissions are able to get emergency access to Jamf Pro environments (if enabled) #36

Closed et-j closed 4 years ago

et-j commented 4 years ago

Users with restricted permission sets are unable to perform associated tasks within Scout - however, Scout users without "Create" or "Edit" permissions enabled are able to generate an emergency access password (if emergency access is enabled in Scout) and perform full Admin operations within Jamf Pro.

Ideally, this functionality would be restricted to Create/Edit or a completely new permission set.

jacobschultz commented 4 years ago

This feature is now behind the user.is_admin bool flag in the database. Note that this is only editable through the database if you have server access, not the UI. I figured this was a good one to put behind an admin permission because it's quite powerful.
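The authorization gap reported above and the admin-only gate described in the reply, as an added example that is not Scout's own code. The handler names, the user fields other than `is_admin`, the settings object and the status codes are hypothetical, and the example assumes the data layer returns `is_admin` as a JavaScript boolean.

```javascript
// Added illustration. All names are hypothetical, not Scout's actual code.

// Constructed users: can_create/can_edit model the restricted permission
// sets from the report, is_admin models the database flag from the fix.
const USERS = {
  viewer: { id: 1, can_create: false, can_edit: false, is_admin: false },
  editor: { id: 2, can_create: true, can_edit: true, is_admin: false },
  admin: { id: 3, can_create: true, can_edit: true, is_admin: true },
  // Row whose flag came back as a string; must not be treated as admin.
  malformed: { id: 4, can_create: true, can_edit: true, is_admin: 'false' },
};

// Before the fix: authentication is checked, authorization is not.
function emergencyAccessBefore(user, settings, issuePassword) {
  if (!user) return { status: 401 };
  if (!settings.emergencyAccessEnabled) return { status: 404 };
  return { status: 200, password: issuePassword() };
}

// After the fix: deny unless is_admin is strictly boolean true, and record
// every attempt so denied requests are visible to whoever reviews the log.
function emergencyAccessAfter(user, settings, issuePassword, auditLog) {
  if (!user) return { status: 401 };
  if (!settings.emergencyAccessEnabled) return { status: 404 };
  const allowed = user.is_admin === true;
  auditLog.push({ userId: user.id, action: 'emergency_access', allowed });
  if (!allowed) return { status: 403 };
  return { status: 200, password: issuePassword() };
}

// Runs one handler over every constructed user and reports the status codes
// plus how many passwords were actually issued.
function runMatrix(handler) {
  const settings = { emergencyAccessEnabled: true };
  const auditLog = [];
  let issued = 0;
  const issuePassword = () => { issued += 1; return 'constructed-placeholder'; };
  const statuses = {};
  for (const [name, user] of Object.entries(USERS)) {
    statuses[name] = handler(user, settings, issuePassword, auditLog).status;
  }
  return { statuses, issued, auditLog };
}
```

Running `runMatrix` over both handlers gives a permission-matrix regression check: the count of issued passwords shows whether any non-admin request reached the privileged action.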