Authorization rights related to system settings on macOS control actions performed within the System Settings panel.
These rights often cover a wide range of privileges, which can create security gaps if granted indiscriminately.
When granted without caution, they may allow changes to critical operating system configuration files, manipulation of user group permissions, and other activities that compromise the integrity of the device.
Main authorization rights
Some examples of broad rights that should be used with caution:
system.privilege.*system.preference.*system.install.*
These patterns, when enabled, unlock multiple high-impact permissions on the system.
Security risk
- Broad permissions can be exploited by malicious applications to alter critical settings.
- Granting without granularity can open gaps that facilitate attacks or misuse by unauthorized users.
Best practices
- Whenever possible, link authorization rights to specific signatures of trusted applications.
- Prefer applying these permissions through MDM (Mobile Device Management), ensuring granularity and avoiding global grants.
- Grant only what is strictly necessary to maintain system integrity and reduce the attack surface.