diff --git a/extension/privilege_zone_rules/tier0-assigned-computers.json b/extension/privilege_zone_rules/tier0-assigned-computers.json
new file mode 100644
index 0000000..9c7450b
--- /dev/null
+++ b/extension/privilege_zone_rules/tier0-assigned-computers.json
@@ -0,0 +1,8 @@
+{
+ "name": "Jamf: Tier Zero Assigned Computers",
+ "zone": "Tier Zero",
+ "description": "Adds Jamf computers to Tier Zero that have assigned users matching Tier Zero principal attributes.",
+ "cypher": "MATCH (q:jamf_Computer) - [:jamf_AssignedUser] -> () - [] -> (l)\nWHERE l.tier = 0\nRETURN DISTINCT q",
+ "enabled": true,
+ "allow_disable": true
+}
diff --git a/extension/privilege_zone_rules/tier0-principals.json b/extension/privilege_zone_rules/tier0-principals.json
index 490a001..c0917d8 100644
--- a/extension/privilege_zone_rules/tier0-principals.json
+++ b/extension/privilege_zone_rules/tier0-principals.json
@@ -1,8 +1,8 @@
 {
 "name": "Jamf: Tier Zero Principals",
 "zone": "Tier Zero",
- "description": "Accounts and group principals with 'Full Access' administrator privileges in the tenant and 'SSO' configuration if enabled.",
- "cypher": "MATCH (n)\nWHERE n.tier = 0\nRETURN n",
+ "description": "Accounts and group principals with 'Full Access' administrator privileges in the tenant, the 'jamf_Tenant' root node, and 'SSO' configuration if enabled.",
+ "cypher": "MATCH (n:jamf)\nWHERE n.tier = 0\nRETURN n",
 "enabled": true,
 "allow_disable": true
 }
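Review bot: In tier0-assigned-computers.json the second hop of the `cypher` pattern, `() - [] -> (l)`, has no relationship type and no node kinds, so any outgoing edge from an assigned user to any node with `tier = 0` places the computer in Tier Zero. That is wider than the description's "assigned users matching Tier Zero principal attributes" and can inflate the zone with computers whose users only hold an unrelated edge to a Tier Zero object. If only the identity-matching edge is meant, constrain the hop, e.g. `() - [:<MATCH_EDGE_KIND>] -> (l)` (placeholder; the real edge kind is not visible in this diff), and say in the description which edge is followed.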
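Review bot: In tier0-principals.json, `MATCH (n:jamf)` keeps the zone complete only if every node that carries `tier = 0` from the Jamf data also has the `jamf` kind; this diff does not show that, and the new sibling rule matches on `jamf_Computer` instead. A Tier Zero node missing the base kind would silently drop out of the zone after this change, so it is worth comparing the result sets of the old and new query on a sample graph before merging. The description also lists node types while the query selects purely on the `tier` property; a short addition such as `Membership is decided by the 'tier' property on nodes of kind 'jamf'.` would keep the two from drifting.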