Description
This article provides steps to grant Jamf Pro user accounts with custom privileges the necessary privileges to be able to view FileVault Recovery Keys.
These steps are needed for Jamf Pro admins:
seeing "Access Denied" when trying to open computer records in order to view the recovery key
that do not see the Personal Recovery Key/Institutional Recovery Key field displaying in the computer record
Adjusting User Permissions for Recovery Keys
In Jamf Pro Settings go to Settings > System > User accounts and groups.
Click New > Create Standard Account or open the user/group that needs adjustment and click Edit.
Click Privileges.
Click Jamf Pro Server Actions and check the box to enable View Disk Encryption Recovery Key.
Click Jamf Pro Server Objects give Read permission for:
Computers
Disk Encryption Configurations (Full-Access Jamf Pro users only, option will not show for users assigned to a site)
Disk Encryption Institutional Configurations (if using institutional recovery key, which is not recommended)
Click Save.
The Jamf Pro user now has access to FileVault Recovery Keys.