Since 11.4 jamf is not getting correct access to System Events

[GabeShack]

Hi,
Since around 11.4 (with some security updates apple changed) we have been seeing a mixed sh/apple script cause a message '"Jamf" wants access to control "System Events".'

In the past the TCC Configuration profile I created for both Jamf and OSAScript bypassed this message however after 11.4 this started up, which looks like it requires more PP approval.

I am trying my hardest to narrow down what actually needs to be changed for this to function correctly. I've followed the logging steps in this article:
https://krypted.com/mac-os-x/reviewing-tcc-dialog-prompts-using-logs-on-a-mac/

But it doesn't seem to be providing me with many answers.

In the discussions on this on the Jamf forums, one user has said they got around this by changing the code requirement identifier to be more generic IE using the identifier com.jamf.management.daemon, but using the code requirement for the jamf app.

https://community.jamf.com/t5/jamf-pro/quot-jamf-quot-wants-access-to-control-quot-system-events-quot/m-p/258122#M238876

I cannot verify this is working, but wondering if instead of making these intricate jamf config profiles to allow it to work with osascript and system events, instead to have a premade "Jamf" template that allows for all jamf identifiers to interact with all parts of system events and parent processes?

[macblazer]

@GabeShack Can you post here a plain text mobileconfig file (that is, not signed and encrypted), or an excerpt from it that shows the keys that you are using that do not work? It's hard to diagnose a somewhat generic question and distill an entire forum conversation.

[GabeShack]

In reviewing this issue with both Apple and Jamf, it seems this has been a verified issue and its recommended when creating a TCC for any Jamf process, to use the the code identifier of the the parent process (jamf.app) instead of the child process jamfdaemon.

I can submit both the code im trying to run and the jamf tcc i currently use that causes it to prompt for access to system events, however i believe now after speaking with some engineers at apple, that this is not a solvable issue currently.