Create a Privilege Management Workstyle

  1. Navigate to the Policy Catalog and select BeyondTrustPrivilege Management from the Products list on the left side (for 5.9 and older versions, select BeyondTrustPrivilege Management from the Product dropdown and click the policy from the list that you want to add a Workstyle to).
  2. Click the number for Mac Workstyles. If this is a blank policy this will be 0.
  3. Select Actions > Create using Wizard to start creating a Privilege Management for Mac Workstyle. This launches the Workstyle Wizard and takes you through the following screens.
  4. Introduction.This page displays if you have not yet configured a Privilege Management license in the policy, prompting you to enter a valid license code for the policy.
  5. Choose a Workstyle. You can choose from Controlling or Blank for your Workstyle. A controlling Workstyle allows you to apply rules for access to privileges and applications. A blank Workstyle allows you to create an empty Workstyle without any predefined elements. If you select a blank Workstyle, the next screen is  Finish, as there is nothing to configure.
  6. Filtering (Controlling Workstyle only). This determines who receives this Workstyle. You can choose from standard users only or everyone. If you apply it to everyone it will apply to administrators. You can modify the filters and apply more detailed filtering once the Workstyle has been created.
  7. Select Capabilities (Controlling Workstyle only). Allows you to choose Privilege Management and / or Application Control. If you don't select either capability, the next screen is Finish. This Workstyle will only contain filtering information.
  8. Privilege Management (Controlling Workstyle with the Privilege Management capability). Allows you to choose:
    • how you manage sudo control
    • how you manage authorization prompts
    • how you manage installer privileges
  9. If you select Present users with a challenge code from the dropdown, you are prompted to configure the Challenge and Response functionality at the end of creating your Workstyle, if your policy doesn't already have one.

  1. Application Control (Controlling Workstyle with the Application Control capability). Allows you to choose:
    • How you want to apply application control. You can choose from a allowlist or blocklist approach. We recommend you use a allowlist approach.
    • If you select As a allowlist: How you want to handle non-allowlisted applications.
    • If you select As a blocklist: How you want to handle blocklisted applications.

    If you select Present users with a challenge code from the dropdown, you are prompted to configure the Challenge and Response functionality at the end of creating your Workstyle if your policy doesn't already have one.

  2. Finish. Allows you to enter a Name and Description for your new policy. If the Workstyle has been configured to use a Challenge / Response message and the policy doesn't have an existing key, you will be asked to set a key. You can check the box on this screen to activate this Workstyle immediately or you can leave the box unchecked to continue to configure the Workstyle before you apply it to your endpoints.

Depending on the type of Workstyle you create and any capabilities that are included, Privilege Management for Mac auto-generates certain Application Groups (containing rules), and messages. Filters are applied and subsequently configured as part of the Workstyle.

After you change the policy, click Submit and then Save to save the policy. In ePO 5.10 and later, if you have McAfee Approvals workflow enabled, this workflow can be modified to change the Save button to Submit for Review based on user permissions.