SAP/macOS-enterprise-privileges โ€” GitHub Repository Preview
Security & Pentesting โ˜… 1.9k Objective-C

SAP/macOS-enterprise-privileges

by @SAP ยท

1.9k Stars
174 Forks
1 Issues
Objective-C Language

Privileges is a macOS application by SAP that gives users in enterprise environments temporary administrator access on demand. Instead of granting permanent admin rights, users can elevate their privileges for a configurable time window to perform tasks like installing or removing applications, then automatically revert to standard user status. The app works completely offline, supports MDM configuration profiles for centralized policy management, and includes a CLI tool (PrivilegesCLI) with Touch ID and Smart Card/PIV authentication. It features tamper protection on macOS 13+, menu bar status indicators, AppleScript compatibility for automation, webhook support for integration with enterprise monitoring, and localization in 41 languages. Ideal for organizations that want to follow the principle of least privilege while still empowering users to manage their own machines when needed.

Author avatar for @SAP
@SAP Project maintainer on GitHub
View Profile
View on GitHub
git clone https://github.com/SAP/macOS-enterprise-privileges.git

Quick Start Example

bash 
# Check current privilege status
/Applications/Privileges.app/Contents/Resources/PrivilegesCLI --status

# Request administrator privileges
/Applications/Privileges.app/Contents/Resources/PrivilegesCLI --add

# Remove administrator privileges
/Applications/Privileges.app/Contents/Resources/PrivilegesCLI --remove

# Request admin privileges with a reason
/Applications/Privileges.app/Contents/Resources/PrivilegesCLI --add --reason "Installing Xcode update"

Tags

#macos#privilege-management#enterprise#endpoint-security#mdm

Related Projects