Triggering On-Demand Events for Non-Administrators

On-demand events are Power Manager events that can be manually triggered at any time. In this recipe we open on-demand events up to non-administrators.

Power Manager lets you create on-demand events. These are events that can be manually triggered at any time. On-demand events appear in Power Manager’s status menu bar. In this recipe we open on-demand events up to non-administrators.

By default, Power Manager’s on-demand events can only be triggered by administrator users. Triggering an on-demand event requires administrator rights, or for an administrator to provide their security credentials - name and password.

You may want to provide non-administrator colleagues with the ability to trigger on-demand events. This can be particularly useful where an event is used to perform back ups or run a script requiring elevated privileges.

Let’s look at how to ease this security requirement.

OS X Authorisation Rights

Power Manager’s authorisation rights are built on OS X’s authorisation rights store. This store of authorisation rights is located at /var/db/authdb and, as a general rule, this file is best left alone. The file contains the authorisation rights for your Mac and editing mistakes can leave your Mac needing expert assistance to restore.

Power Manager uses two OS X authorisation rights:

  • uk.co.dssw.powermanager.administrator
  • uk.co.dssw.powermanager.universal

These rights define the two groups of users; those with administrator privileges and those without.

You can examine these rights using the security tool and the following Terminal.app command:

security authorizationdb read uk.co.dssw.powermanager.administrator

The output will show the current rule and requirements to meet this right. For this recipe, we do not need to change these OS X authorisation rights.

Power Manager Authorisation Rights

The on-demand right we want to change is handled directly by Power Manager. To see the available Power Manager rights, use the following Terminal.app commands:

cd '/Applications/Power Manager.app/Contents/Tools/'
./pmctl -f xml authorisation.rights

List Power Manager’s authorisation rights

Triggering an on-demand event requires the right ondemand.perform. By default, this right is provided only to administrators.

For non-administrators to trigger an on-demand event, they will need the ondemand.perform right. We need to tell pmrights to change the ondemand.perform right from “administrator” to “universal”. The following steps walk through this process.

Changing the On-Demand Right

  1. Launch the Terminal.app utility:

    Applications > Utilities > Terminal.app

  2. In Terminal.app, copy and paste the following single command:

    ‘/Applications/Power Manager.app/Contents/Tools/pmctl’ -r ‘authorisation.applyright’ -p ‘signature=ondemand.perform’ -p ‘rule=universal’

Change the on-demand right to universal

  1. Issue the command by pressing the Return key on your keyboard.

The change has been made. Non-administrator users using your Mac will now be able to trigger Power Manager’s on-demand events.

Resetting the On-Demand Right

All rights come with default privileges. You can restore a right to use the default privileges by omitting the rule parameter. For the on-demand right, the command becomes:

'/Applications/Power Manager.app/Contents/Tools/pmctl' -r 'authorisation.applyright' -p 'signature=ondemand.perform'