Uploading files and documentation for Privileges 1.5.2

Uploading source code, management profiles and documentation for Privileges 1.5.2.

README.md

@@ -16,6 +16,7 @@ Requirements
 * macOS 10.13.x
 * macOS 10.14.x
 * macOS 10.15.x
+* macOS 11.0.x
 
 Installation
 ===================================
@@ -28,7 +29,7 @@ Installation
 <br>
 <br>
 
-![](readme_images/Privileges_150_installed.png)
+![](readme_images/Privileges_152_installed.png)
 
 <br>
 
@@ -40,7 +41,7 @@ Installation
 
 <p></p>
 
-![](readme_images/privileges_150_installation.gif)
+![](readme_images/privileges_152_installation.gif)
 
 <p></p>
 <p></p>
@@ -66,7 +67,7 @@ If you are a standard user and want admin rights, verify that **Privileges.app**
 4. A **Privileges have been changed successfully** message should appear.
 <p></p>
 
-![](readme_images/privileges_get_admin_rights.gif)
+![](readme_images/privileges_152_get_admin_rights.gif)
 
 <p></p>
 5. The logged-in account should now have admin rights.
@@ -85,7 +86,7 @@ If you are a admin user and want to remove admin rights, verify that **Privilege
 4. A **Privileges have been changed successfully** message should appear.
 <p></p>
 
-![](readme_images/privileges_remove_admin_rights.gif)
+![](readme_images/privileges_152_remove_admin_rights.gif)
 
 <p></p> 
 5. The logged-in account should now be a standard user account.
@@ -132,6 +133,14 @@ This is by design. The icon is green and displays a locked padlock icon when you
 
 <br>
 
+Dock icon for macOS Catalina and earlier:
+
+![](readme_images/Privileges_icon_locked_catalina.png)
+
+<br>
+
+Dock icon for macOS Big Sur:
+
 ![](readme_images/Privileges_icon_locked.png)
 
 <br>
@@ -140,6 +149,14 @@ The icon is yellow and displays an unlocked padlock icon when you are an adminis
 
 <br>
 
+Dock icon for macOS Catalina and earlier:
+
+![](readme_images/Privileges_icon_unlocked_catalina.png)
+
+<br>
+
+Dock icon for macOS Big Sur:
+
 ![](readme_images/Privileges_icon_unlocked.png)
 
 <br>
@@ -171,7 +188,7 @@ To set the amount of time used by the **Toggle Privileges** option, use the foll
 3. Select the desired amount of time from the available options.
 <p></p>
 
-![](readme_images/set_privileges_toggle_time_limit.gif)
+![](readme_images/set_privileges_152_toggle_time_limit.gif)
 
 ### What actions do the Lock Screen and Login Window toggle options perform?
 
@@ -293,7 +310,7 @@ log show --style syslog --predicate 'process == "corp.sap.privileges.helper" &&
 Application Management
 ===================================
 
-As of Privileges 1.0.5, it is possible to manage settings for **Privileges.app** or the **PrivilegesCLI** command line tool using a macOS configuration profile. [For more details, please click here](application_management).
+As of Privileges 1.5.0, it is possible to manage settings for **Privileges.app** or the **PrivilegesCLI** command line tool using a macOS configuration profile. [For more details, please click here](application_management).
 
 
 Support

application_management/README.md

@@ -5,14 +5,31 @@ As of Privileges 1.5.0, it is possible to manage the following settings for **Pr
 Preference domain: **corp.sap.privileges**
 
 Key: **DockToggleTimeout**
+
+Available for: Privileges 1.5.0 and later.
 
 Value: **Integer**
 
 Description: Set a fixed timeout, in minutes, for the Dock tile's `Toggle Privileges` command. After this time, the admin rights are removed and set back to standard user rights. A value of **0** disables the timeout and allows the user to permanently toggle privileges.
 
+<br>
+
+Key: **DockToggleMaxTimeout**
+
+Available for: Privileges 1.5.2 and later.
+
+Value: **Integer**
+
+Description: Set a maximum timeout for the Dock tile's `Toggle Privileges` command. This generally works the same way as the `DockToggleTimeout` but allows the user to choose every timeout value up to the one specified. So if the admin would set `DockToggleMaxTimeout` to 20 minutes, the user may decide to set it to a value below 20 instead of being forced to use the 20 minute timeout. 
+
+**Note:** If `DockToggleMaxTimeout` and `DockToggleTimeout` values have both been set, the value set for `DockToggleTimeout` will override whatever is set for `DockToggleMaxTimeout`.
+
+<br>
 
 
 Key: **EnforcePrivileges**
+
+Available for: Privileges 1.5.0 and later.
 
 Value: `admin`, `user` or `none`
 
@@ -24,18 +41,25 @@ Description: Enforces certain privileges. Whenever **Privileges.app** or the **P
 * **user**: standard user rights are always set by Privileges.
 * **none**: **Privileges.app** and the **PrivilegesCLI** command line tool are disabled and it is not possible to change user privileges using these tools.
 
+<br>
+
 
 Key: **LimitToGroup**
+
+Available for: Privileges 1.5.0 and later.
 
 Value: a string containing the name of a specified group
 
 *Note: This is a string value.*
 
 Description: Limits the usage of **Privileges.app** to the given user group. 
 
+<br>
 
 Key: **LimitToUser**
 
+Available for: Privileges 1.5.0 and later.
+
 Value: a string containing a specified user account's short name
 
 *Note: This is a string value.*
@@ -44,10 +68,12 @@ Description: Limits the usage of **Privileges.app** to the given user account.
 
 *Note: If used with a client management system that supports variables in configuration profiles, variables like `$USERNAME` may be used here.*
 
-
+<br>
 
 
 Key: **ReasonRequired**
+
+Available for: Privileges 1.5.0 and later.
 
 Value: `true` or `false`
 
@@ -64,9 +90,11 @@ If using `ReasonRequired`, then the `ReasonMinLength` key must also be set. The
 
 *Note: If setting `ReasonRequired`, the `Toggle Privileges` option is automatically disabled.*
 
-
+<br>
 
 Key: **RemoteLogging**
+
+Available for: Privileges 1.5.0 and later.
 
 Value: A dictionary array containing the relevant server information
 
@@ -146,9 +174,12 @@ If using `RemoteLogging`, then the following subsidiary keys must also be set:
 * `LogSeverity`
 * `MaximumMessageSize`
 
+<br>
 
 
 Key: **RequireAuthentication**
+
+Available for: Privileges 1.5.0 and later.
 
 Value: a string containing a specified user account's short name
 
@@ -160,12 +191,13 @@ Description: Requires authentication before using  **Privileges.app**. If set to
 
 *Note: If setting `RequireAuthentication`, the `Toggle Privileges` option is automatically disabled.*
 
-
+<br>
 
 
 Example configuration profiles are available via the links below:
 
 * [Privileges DockToggleTimeout macOS Configuration Profile](example_profiles/DockToggleTimeout/Example_DockToggleTimeout.mobileconfig)
+* [Privileges DockToggleMaxTimeout macOS Configuration Profile](example_profiles/DockToggleMaxTimeout/Example_DockToggleTimeout.mobileconfig)
 * [Privileges EnforcePrivileges macOS Configuration Profile](example_profiles/EnforcePrivileges/Example_EnforcePrivileges.mobileconfig)
 * [Privileges LimitToGroup macOS Configuration Profile](example_profiles/LimitToGroup/Example_LimitToGroup.mobileconfig)
 * [Privileges LimitToUser macOS Configuration Profile](example_profiles/LimitToUser/Example_LimitToUser.mobileconfig)
@@ -186,15 +218,27 @@ The **Privileges.app** dock icon will change colors from the standard color sche
 * **RemoteLogging**
 * **RequireAuthentication**
 
-*Note: The `DockToggleTimeout` management key does not trigger the custom color scheme.*
+*Note: The `DockToggleTimeout` and `DockToggleMaxTimeout` management keys do not trigger the custom color scheme.*
 
 
 The icon is black with a green outline and displays a locked padlock icon when you are a standard user.
 
+Icon for macOS Catalina and earlier:
+
+![](readme_images/icon_bk1_catalina.png)
+
+Icon for macOS Big Sur:
+
 ![](readme_images/icon_bk1.png)
 
 The icon is black with a yellow outline and displays an unlocked padlock icon when you are an administrator.
 
+Icon for macOS Catalina and earlier:
+
+![](readme_images/icon_bk2_catalina.png)
+
+Icon for macOS Big Sur:
+
 ![](readme_images/icon_bk2.png)
 
 

application_management/example_profiles/DockToggleMaxTimeout/Example_DockToggleMaxTimeout.mobileconfig

@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadContent</key>
+			<dict>
+				<key>corp.sap.privileges</key>
+				<dict>
+					<key>Forced</key>
+					<array>
+						<dict>
+							<key>mcx_preference_settings</key>
+							<dict>
+								<!--
+									key: DockToggleMaxTimeout
+									value: a positive integer
+									
+									Set a maximum timeout for the Dock tile's "Toggle Privileges" command. This
+									generally works the same way as the "DockToggleTimeout" but allows the user
+									to choose every timeout value up to the one specified. So if the admin would
+									set "DockToggleMaxTimeout" to 20 minutes, the user may decide to set it to
+									a value below 20 instead of being forced to use the 20 minute timeout. With 
+									regards to user experience we recommend to use "DockToggleMaxTimeout" instead
+									of "DockToggleTimeout". if "DockToggleMaxTimeout" and "DockToggleTimeout" 
+									have been set, the fixed value of "DockToggleTimeout" takes precedence over 
+									"DockToggleMaxTimeout".
+								-->
+								<key>DockToggleMaxTimeout</key>
+								<integer>20</integer>
+							</dict>
+						</dict>
+					</array>
+				</dict>
+			</dict>
+			<key>PayloadDescription</key>
+			<string/>
+			<key>PayloadDisplayName</key>
+			<string>Privileges configuration</string>
+			<key>PayloadEnabled</key>
+			<true/>
+			<key>PayloadIdentifier</key>
+			<string>com.apple.ManagedClient.preferences.8436814F-858D-4875-8552-4263D70478E2</string>
+			<key>PayloadOrganization</key>
+			<string>SAP SE</string>
+			<key>PayloadType</key>
+			<string>com.apple.ManagedClient.preferences</string>
+			<key>PayloadUUID</key>
+			<string>8436814F-858D-4875-8552-4263D70478E2</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>Configures the Privileges app.</string>
+	<key>PayloadDisplayName</key>
+	<string>Privileges configuration</string>
+	<key>PayloadEnabled</key>
+	<true/>
+	<key>PayloadIdentifier</key>
+	<string>E9DDB703-8D19-40AA-B01D-B6D778E8253D</string>
+	<key>PayloadOrganization</key>
+	<string>SAP SE</string>
+	<key>PayloadRemovalDisallowed</key>
+	<true/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>C2F39834-001F-4930-AC7D-E5BA0DE82529</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>

source/MTAuthCommon.h

@@ -64,5 +64,6 @@
 
 #define ADMIN_GROUP_ID 80
 #define DEFAULT_DOCK_TIMEOUT 20
+#define FIXED_TIMEOUT_VALUES {0, 5, 10, 20, 60}
 
 @end