Authorization rights in EPM macOS are the privileged actions that the system checks when an application, or the user directly, attempts to perform them. By default, these actions require administrator credentials.
If the user does not have administrator credentials and an Authorization Right is registered for the action, EPM prompts them for their standard (non-administrator) credentials. EPM uses this credential to extend the right and allow the action linked to the authorization right to run, even though the account has no administrator privileges.
For more information, see How to identify and configure authorization rights (Auth Rights) in EPM macOS.
Features
Authorization rights allow you to:
- Define permissions based on criteria such as application name, digital signature, and execution path.
- Associate specific users with authorization rules, ensuring that only authorized users can perform certain actions.
- Create authorization rules segregated by scope: general, per device, or per user.
- Validate rules based on technical criteria to strengthen the security of the environment.
Applicability
Authorization rights are especially useful in environments that require strict control over the use of sensitive commands or applications. They provide an additional security layer compared to general access policies, enabling controlled and auditable exceptions.
Use of regular expressions (Regex) with Authorization Rights
In EPM macOS, Authorization Rights support regular expressions in the PCRE2 standard for two criteria:
- Authorization right: identifier of the right requested by the process.
- Execution path: full path of the binary/process requesting the right.
For SUDO commands, use POSIX Regex, not PCRE2.
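The following is an added illustration, not EPM's own engine: a small rule evaluator that applies the two regex criteria named above (authorization right identifier and execution path) together with the general, per-device and per-user scopes listed under Features. Rule names, user names, device names and paths are constructed samples, and Python's re module stands in for PCRE2 for the simple patterns used here.

```python
import re
from dataclasses import dataclass

# Constructed rule model mirroring the criteria the page names.
# This is an illustrative evaluator, not EPM's implementation.
@dataclass
class AuthRule:
    name: str
    right_regex: str                   # matches the requested right identifier
    path_regex: str                    # matches the full path of the requesting binary
    scope: str = "general"             # "general", "device" or "user"
    users: frozenset = frozenset()     # allowed users when scope == "user"
    devices: frozenset = frozenset()   # allowed devices when scope == "device"

    def matches(self, right: str, path: str, user: str, device: str) -> bool:
        # fullmatch forces the whole identifier and path to match, so an
        # unanchored pattern such as "system\.preferences" cannot silently
        # cover "system.preferences.network" as well.
        if not re.fullmatch(self.right_regex, right):
            return False
        if not re.fullmatch(self.path_regex, path):
            return False
        if self.scope == "user":
            return user in self.users
        if self.scope == "device":
            return device in self.devices
        return True

def find_rule(rules, right, path, user, device):
    """Return the name of the first rule that grants the request, or None."""
    for rule in rules:
        if rule.matches(right, path, user, device):
            return rule.name
    return None

# Constructed sample rules (hypothetical names, users, devices and paths).
RULES = [
    AuthRule("printing-helpdesk",
             r"system\.preferences\.printing",
             r"/System/Library/PreferencePanes/.*",
             scope="user", users=frozenset({"helpdesk"})),
    AuthRule("certs-lab-device",
             r"com\.example\.trust-settings\.admin",
             r"/usr/bin/security",
             scope="device", devices=frozenset({"lab-mac-01"})),
]
```

Reviewing a rule set this way makes over-broad patterns visible before deployment: a path regex ending in `.*` grants the right to anything under that directory, so keep it as narrow as the use case allows.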
Use cases
- Allow a restricted group of users to execute specific administrative commands.
- Restrict the execution of development tools outside business hours.
- Authorize users from certain domains to access essential scripts or automations.
- Create exceptions to global rules based on application name or digital signature.