Favicon

You are here: Home > Device Management > macOS > Managing app permissions on macOS

Managing app permissions on macOS

Learn how to use Privacy Preferences Policy Control (PPPC) profiles to remotely manage app permissions on macOS devices with Applivery.

PPPC profiles (or Privacy Preferences Policy Control) enable IT admins to remotely manage privacy settings on macOS devices (version 10.14 Mojave and later). With these profiles, you can pre-authorize or deny specific applications access to macOS services such as Contacts, Camera, Microphone, and more. This streamlines workflows by removing users’ permission prompts and enhances security by preventing unauthorized access.

Identifying App Permissions

Before creating a PPPC profile, it’s important to identify the specific permissions an application requires:

  • Test environment: Install the app on a dedicated test Mac or virtual machine.
  • Monitor user prompts: Launch the app and take note of any pop-up prompts requesting access to services like the Camera or Documents.
  • Check System Preferences: Go to System Preferences > Security & Privacy > Privacy. Look for the app under services such as Contacts or Camera. If the app appears, it requires access to that service.

Creating and assigning a PPPC profile

Once in the Applivery Dashboard, navigate to the Policies (1) section (under Device Management > Devices) and select the policy where you want to configure your PPPC profile, or create a new one. Click the + Add configuration (2) button and locate the Privacy Preferences Policy Control option.

privacy-preferences-policy-control | Applivery

You will need to click the + Add element button for the apps where you want to configure permissions.

Note

You can also choose to Allow (3) or deny specific app access to each service.

allowed-privacy-preferences-policy-control | Applivery

You will need to define the app to which you are granting permissions by specifying the Identifier type (4) and the Bundle ID or the app’s path identifier (5). Additionally, you must add the app’s Code Requirement (6).

Validate code requirement Check this option to ensure the app complies with the code signing requirements.

pppc-configuration | Applivery

Important considerations

  • Conflicting policies: If multiple PPPC profiles with conflicting settings are applied, the most restrictive setting (deny) will take precedence.
  • User control: Although policies pre-configure app permissions, users can still access certain settings in Apple-developed apps like Photo Booth or FaceTime.
  • Device update: Users must relaunch the configured apps after policy deployment for the changes to take effect.