From 3c11c8c1ac0937be677ccdd7e3f696ae5398f5ba Mon Sep 17 00:00:00 2001
From: Lance Cain <139277715+so-lcain@users.noreply.github.com>
Date: Mon, 29 Jun 2026 15:06:49 -0400
Subject: [PATCH 1/2] Update tier0-principals.json

---
extension/privilege_zone_rules/tier0-principals.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/extension/privilege_zone_rules/tier0-principals.json b/extension/privilege_zone_rules/tier0-principals.json
index 490a001..c0917d8 100644
--- a/extension/privilege_zone_rules/tier0-principals.json
+++ b/extension/privilege_zone_rules/tier0-principals.json
@@ -1,8 +1,8 @@
 {
 "name": "Jamf: Tier Zero Principals",
 "zone": "Tier Zero",
- "description": "Accounts and group principals with 'Full Access' administrator privileges in the tenant and 'SSO' configuration if enabled.",
- "cypher": "MATCH (n)\nWHERE n.tier = 0\nRETURN n",
+ "description": "Accounts and group principals with 'Full Access' administrator privileges in the tenant, the 'jamf_Tenant' root node, and 'SSO' configuration if enabled.",
+ "cypher": "MATCH (n:jamf)\nWHERE n.tier = 0\nRETURN n",
 "enabled": true,
 "allow_disable": true
 }
From 3ec6e2150c1902d8907eef986c66317f67d07144 Mon Sep 17 00:00:00 2001
From: Lance Cain <139277715+so-lcain@users.noreply.github.com>
Date: Mon, 29 Jun 2026 15:17:00 -0400
Subject: [PATCH 2/2] Create tier0-assigned-computers.json

Add a privilege zone rule to add Jamf Computers that have assigned users which correspond via email or naming convention to Tier Zero accounts to the Tier Zero zone.
---
.../privilege_zone_rules/tier0-assigned-computers.json | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 extension/privilege_zone_rules/tier0-assigned-computers.json

diff --git a/extension/privilege_zone_rules/tier0-assigned-computers.json b/extension/privilege_zone_rules/tier0-assigned-computers.json
new file mode 100644
index 0000000..9c7450b
--- /dev/null
+++ b/extension/privilege_zone_rules/tier0-assigned-computers.json
@@ -0,0 +1,8 @@
+{
+ "name": "Jamf: Tier Zero Assigned Computers",
+ "zone": "Tier Zero",
+ "description": "Adds Jamf computers to Tier Zero that have assigned users matching Tier Zero principal attributes.",
+ "cypher": "MATCH (q:jamf_Computer) - [:jamf_AssignedUser] -> () - [] -> (l)\nWHERE l.tier = 0\nRETURN DISTINCT q",
+ "enabled": true,
+ "allow_disable": true
+}
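Review bot: The second hop of the `cypher` pattern, `- [] -> (l)`, has neither a relationship type nor a node label, so any outgoing edge from the assigned-user node to any node with `tier = 0` places the computer in Tier Zero, not only the email or naming-convention correspondence the commit message describes. If assigned-user nodes also have an edge to a widely shared Tier Zero node (the first patch lists the `jamf_Tenant` root as Tier Zero), most assigned computers could be swept into the zone and the real admin workstations would no longer stand out; whether that happens depends on the graph schema, which is not visible here. Name the edge kind that represents the match, e.g. `() - [:<MATCH_EDGE_KIND>] -> (l)` (placeholder), and, if only Jamf principals are meant, label the target `(l:jamf)` as the first patch does for `n`.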