Hello,
We're having issues with using a custom xml profile configuration.
I have a simple configuration file which we publish after installing a specific security app, which grants Full Disk Access to the application.
Using JAMF with the configuration file worked fine and the application was given full disk access.
For some reason, using the same configuration file with vmware workspace one doesn't succeed and full disk access is not applied, yet I do see the profile is being applied.
Below is my xml config file, removed personal information.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string>My_App_Policy</string>
<key>PayloadDisplayName</key>
<string>My_App_Policy</string>
<key>PayloadIdentifier</key>
<string>1111111-1111-1111-1111-11111111</string>
<key>PayloadOrganization</key>
<string>myapp</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>22222222-1111-1111-1111-11111111</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Services</key>
<dict>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Allowed</key>
<true/>
<key>CodeRequirement</key>
<string>identifier "com.myapp.app" and anchor apple generic and certificate 1[field.x.x.xxx.xxxxxx.xxx.x.x.x] /* exists */ and certificate leaf[field.x.x.xxx.xxxxxx.xxx.x.x.xx] /* exists */ and certificate leaf[subject.OU] = NNNNNNNNNN</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.myapp.app</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
</dict>
</dict>
</array>
<key>PayloadDescription</key>
<string>My_App_Policy</string>
<key>PayloadDisplayName</key>
<string>My_App_Policy</string>
<key>PayloadIdentifier</key>
<string>1111111-1111-1111-1111-11111111</string>
<key>PayloadOrganization</key>
<string>myapp</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>22222222-1111-1111-1111-11111111</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>payloadScope</key>
<string>system</string>
</dict>
</plist>
Thanks for any help
try pasting just the
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string>My_App_Policy</string>
<key>PayloadDisplayName</key>
<string>My_App_Policy</string>
<key>PayloadIdentifier</key>
<string>1111111-1111-1111-1111-11111111</string>
<key>PayloadOrganization</key>
<string>myapp</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>22222222-1111-1111-1111-11111111</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Services</key>
<dict>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Allowed</key>
<true/>
<key>CodeRequirement</key>
<string>identifier "com.myapp.app" and anchor apple generic and certificate 1[field.x.x.xxx.xxxxxx.xxx.x.x.x] /* exists */ and certificate leaf[field.x.x.xxx.xxxxxx.xxx.x.x.xx] /* exists */ and certificate leaf[subject.OU] = NNNNNNNNNN</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.myapp.app</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
</dict>
</dict>
</array>
<key>PayloadDescription</key>
<string>My_App_Policy</string>
<key>PayloadDisplayName</key>
<string>My_App_Policy</string>
<key>PayloadIdentifier</key>
<string>1111111-1111-1111-1111-11111111</string>
<key>PayloadOrganization</key>
<string>myapp</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>22222222-1111-1111-1111-11111111</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>payloadScope</key>
<string>system</string>
</dict>
@shaharnis - did you copy/paste this into a custom XML profile or did you use the "Privacy Preferences" payload in a macOS device profile?
If you did a custom XML profile, you may have pasted too much of the profile. You would only need to paste the following content:
<dict>
<key>PayloadDescription</key>
<string>My_App_Policy</string>
<key>PayloadDisplayName</key>
<string>My_App_Policy</string>
<key>PayloadIdentifier</key>
<string>1111111-1111-1111-1111-11111111</string>
<key>PayloadOrganization</key>
<string>myapp</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>22222222-1111-1111-1111-11111111</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Services</key>
<dict>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Allowed</key>
<true/>
<key>CodeRequirement</key>
<string>identifier "com.myapp.app" and anchor apple generic and certificate 1[field.x.x.xxx.xxxxxx.xxx.x.x.x] /* exists */ and certificate leaf[field.x.x.xxx.xxxxxx.xxx.x.x.xx] /* exists */ and certificate leaf[subject.OU] = NNNNNNNNNN</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.myapp.app</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
</dict>
</dict>
Workspace ONE will handle wrapping the custom XML dictionaries into the array.