# App Permissions with PPPC Profiles

> Use PPPC Profiles to remotely manage App permissions on macOS Devices — control access to services and enhance security with Applivery.

Source: https://docs.applivery.com/en/device-management/apple/macos/app-management/managing-app-permissions/  •  Last updated: 2026-05-25

**Key topics:** PPPC profiles, macOS app permissions, Device Management, Security and Privacy, macOS, PPPC, Applivery, Apple, Photo Booth, FaceTime

---

**TL;DR:** PPPC profiles let IT admins remotely manage macOS app permissions, enhancing security and streamlining workflows.

**PPPC profiles** (or Privacy Preferences Policy Control) enable IT admins to remotely manage privacy settings on macOS Devices (version 10.14 Mojave and later). With these profiles, you can pre-authorize or deny specific applications access to macOS services such as Contacts, Camera, Microphone, and more. This streamlines workflows by removing permission prompts for users and enhances security by preventing unauthorized access.

## Identifying App Permissions

Before creating a PPPC profile, it’s important to identify the specific permissions an application requires:

-   **Test environment**: Install the App on a dedicated test Mac or virtual machine.
    
-   **Monitor user prompts**: Launch the App and take note of any pop-up prompts requesting access to services like the Camera or Documents.
    
-   **Check System Preferences**: Go to  **System Preferences > Security & Privacy > Privacy**. Look for the App under services such as Contacts or Camera. If the App appears, it requires access to that service.
    

## Creating and assigning a PPPC profile

Once in the [**Applivery Dashboard**](https://dashboard.applivery.io/), go to any of your **Policies** or [create a new one](https://docs.applivery.com/en/device-management/general-settings/create-device-policies/). Click the **\+ Add configuration** button and locate the **Privacy Preferences Policy Control** option.

![privacy preferences](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/02586ccd-53c5-4aed-808e-ca4b08680d6d.png)

You will need to click the **\+ Add element** button for the Apps where you want to configure permissions.

:::info
You can also choose to **Allow** or deny specific App access to each service.
:::

![ppc policy](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/08443b02-4be3-4f5d-ae33-42934564c26f.png)

You will need to define the App to which you are granting permissions by specifying the **Identifier type** 4 and the **Bundle ID** or the App’s **path** identifier. Additionally, you must add the [**App’s Code Requirement**](https://docs.applivery.com/en/device-management/apple/macos/troubleshooting/app-code-requirements/).

:::warning
**Validate code requirement**. Check this option to ensure the App complies with the code signing requirements.
:::

## Important considerations

-   **Conflicting Policies**: If multiple PPPC profiles with conflicting settings are applied, the most restrictive setting (deny) will take precedence.
    
-   **User control**: Although Policies pre-configure App permissions, users can still access certain settings in Apple-developed Apps like Photo Booth or FaceTime.
    
-   **Device update**: Users must relaunch the configured Apps after Policy deployment for the changes to take effect.
