How to manage privilege profiles on EPM macOS

This document provides information on how to create, edit, and manage privilege profiles on EPM macOS. As an administrator, you can group multiple macOS policies (application access lists, sudo rules, and authorization rights) into reusable profiles and assign them to users or devices, simplifying permission management.

Requirements

• User with EPM administrator role to manage privilege profiles. More information in How to manage users.
• Individual policies created in their respective menus. More information in:
  • How to create a general access policy.
  • How to create a device-based access policy.
  • How to create a user-based access policy.
  • How to identify and configure Authorization Rights in EPM macOS.
  • How to create Sudo rules in EPM macOS.

Add a privilege profile

To add a privilege profile on EPM macOS, follow these steps:

1. On Segura® Platform, in the navigation bar, hover over the Products menu and select EPM.

2. In the side menu, select Policies > MacOS > Privilege Profile.

3. On the report screen, click Add.

   Attention

   Ensure that the global system parameter Enable Privilege Profile? * is enabled in the EPM settings. If this parameter is disabled, a warning will be displayed on the report screen and the configured profiles will not be applied to the targets. More information in About privilege profiles and System parameters - EPM.

4. In the General tab, complete the following fields:

   1. Name *: enter a name for the privilege profile.
   2. Status *: set the status of the privilege profile. The options are: Enabled and Disabled.
   3. Description: enter a description for the privilege profile.
   4. Specify targets to apply *: define whether the targets to receive privileges will be specified. The options are: Yes and No. When setting this field as Yes, the Targets tab will be displayed.

5. In the Access policies tab, click Add and select the access policies you want to associate with the privilege profile.

6. In the Sudo Rules tab, click Add and select the sudo rules you want to associate with the privilege profile.

7. In the Authorization Rights tab, click Add and select the authorization rights you want to associate with the privilege profile.

8. (Optional) In the Targets tab:

   1. Devices: click Add and select the devices to which you want to apply the privilege profile.
   2. Users: click Add and select the users to which you want to apply the privilege profile.
   Info

   This tab will only be displayed if the Specify targets to apply * field is set to Yes.

9. In the Review tab, review all the information entered previously and click Save.

After saving, the newly created privilege profile will be displayed on the report. Once a privilege profile is active, all previous individual policy segregations will be ignored, and only the active privilege profiles will be applied.

Edit a privilege profile

To edit a privilege profile on EPM macOS, follow these steps:

1. On Segura® Platform, in the navigation bar, hover over the Products menu and select EPM.
2. In the side menu, select Policies > MacOS > Privilege Profile.
3. On the report screen, identify the desired privilege profile and click Edit.
4. Make the necessary changes and click Save.