Thizzer Thizzer - 1 month ago 21
iOS Question

What are the available iPhone MDM AccessRights

I am currently using 8191 for the 'AccessRights' variable required for the MDM payload (com.apple.mdm).

Now when using this the users gets the following message:


The administrator may collect personal data, add/remove accounts and
restrictions, list, install and manage apps, and remotely erase data
on your iPhone


Telling him/her the MDM-server are allowed to wipe the device remotely. Now I don't want the MDM-server to be able to do this at all.

When I change the AccessRights to 4161 for instance, the message changes into:


The administrator may collect personal data, and list, install and
manage apps on your iPhone


Now I can't find ANY reference to this AccessRights variable and its values. Can anyone enlighten me on what the value actually represents?

Answer

Here is the table that describes all flags for access rights:
AccessRights

You can mix these values to configure necessary list of access rights.
In your particular cases:
8191 - is a combination of all above values.
4161 - is a combination of 4096, 64 and 1.