I have spent a week now trying to do something that looked like a simple task: granting Accessibility to our Splashtop remote desktop tool for Macs.
The primary issue is on Mojave OSX, since it was not required before, and on Catalina the end user needs to enable the Screen Recording setting in Privacy, without a requirement to have admin rights on the Mac computer (not ideal but manageable).
But I shouldn't have to do that, since the system manager profile tool has this option built in:
All I need is the Bundle ID and the Code requirement, and to set Accessibility to allowed.
Bundle ID: com.splashtop.Splashtop-Streamer
Code requirement: identifier "com.splashtop.Splashtop-Streamer" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = CPQQ3AW49Y
@L4d1k I feel your pain. I find SM works great with iOS devices; however, I wasn't able to get things working on the macOS side of things, so we moved our Macs to being managed with JAMF.
I have used a utility called PPPC Utility in the past that allows you to create profiles that can be deployed. I have made two profiles with this app so far, deploying one for TeamViewer, as it requires Accessibility to be able to remotely control another user's computer, and one for our backup software so that it can back up what Apple considers personal files, i.e. the Pictures folder.
And yes, at this point my plan is to move away from Meraki and switch back to JAMF as soon as I can. Unfortunately, switching MDM requires me to physically touch the devices initially, and that is not going to be available for some time.
I had used a similar tool to create and upload a custom profile (this option is available on Meraki):
I have enabled "Accessibility" in Privacy Preferences Policy Control (PPPC) for several other macOS applications with Systems Manager created PPPC profiles, and I may be able to assist. There are definitely some quirks about enabling/disabling PPPC settings via MDM profiles, but as long as the Splashtop application is asking the macOS system for this permission correctly, we should be able to enable this permission through a Systems Manager created PPPC profile.
@L4d1k thank you for messaging me your support case. I really enjoy trying to figure out the pain points and I think there is an explanation for the behavior you are experiencing.
I was able to get this to work via Systems Manager, and your setup for com.splashtop.Splashtop-Streamer may actually be working too. I believe you may be confused by the macOS System Preferences UI, which is not a good representation for the actual PPPC settings on macOS (let me explain this a bit).
First, here is the setting I used to successfully enable Accessibility for com.splashtop.Splashtop-Streamer:
"Accessibility" allows you to control the user's screen (control the mouse movement, specifically, with Splashtop). With this^ PPPC profile scoped to a macOS device that has com.splashtop.Splashtop-Streamer installed, I am able to control the user's screen without needing to have the end user enable "Accessibility" for "Splashtop Streamer" in System Preferences. However, if you look at the macOS System Preferences UI, you will notice the checkmark is still unchecked (this is normal!):
To further confirm the MDM PPPC profile is working: as soon as I remove the PPPC profile and restart the Splashtop app, I cannot control the user's screen anymore. Once I rescope the MDM PPPC profile again, I can control the screen's mouse movements again. This is working as designed, and the Systems Manager PPPC profile is actually enabling com.splashtop.Splashtop-Streamer, despite it being unchecked in macOS System Preferences.
What's displayed on macOS 10.14 and 10.15 in System Preferences > Security & Privacy > Privacy is only the decisions end users made with prompts presented to them, not settings pushed via MDM profiles. It's essentially displaying the values that are stored in the TCC databases that can be found at /Library/Application Support/com.apple.TCC/TCC.db or ~/Library/Application Support/com.apple.TCC/TCC.db.
These are some of the quirks with PPPC via MDM on macOS Catalina right now, but it is the behavior all MDMs are facing. The Systems Manager profile is actually working to enable Accessibility for com.splashtop.Splashtop-Streamer, at least in my quick repro.
(Sidenote: if you have a test device, you may find it useful to reset all of the local PPPC settings before trying again with this command: tccutil reset All)
Can you confirm that if you use the same PPPC profile from Systems Manager (screenshot above) you are able to control mouse movements with Splashtop?
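For reference, the payload a PPPC profile like the one discussed in this thread carries, built with Python's plistlib. This is an added example, not code from any poster or from Meraki; the PayloadIdentifier values, display name, organization and the check_requirement helper are assumptions made up for illustration.

```python
import plistlib
import re
import uuid

BUNDLE_ID = "com.splashtop.Splashtop-Streamer"
# Code requirement from the thread, written with Apple's Developer ID certificate OIDs.
CODE_REQ = (
    'identifier "com.splashtop.Splashtop-Streamer" and anchor apple generic '
    "and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ "
    "and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ "
    "and certificate leaf[subject.OU] = CPQQ3AW49Y"
)

def check_requirement(bundle_id, code_req):
    """Hypothetical helper: list reasons the requirement would be too loose."""
    problems = []
    m = re.search(r'identifier "([^"]+)"', code_req)
    if not m or m.group(1) != bundle_id:
        problems.append("identifier does not match bundle ID")
    if "anchor apple generic" not in code_req:
        problems.append("not anchored to Apple's CA")
    if not re.search(r'certificate leaf\[subject\.OU\] = "?[A-Z0-9]{10}"?', code_req):
        problems.append("no team ID (subject.OU) pinned")
    return problems

def build_profile(bundle_id, code_req, org="Example Org"):
    """Build a PPPC configuration profile allowing Accessibility for one app."""
    problems = check_requirement(bundle_id, code_req)
    if problems:
        raise ValueError("; ".join(problems))
    entry = {"Identifier": bundle_id, "IdentifierType": "bundleID",
             "CodeRequirement": code_req, "Allowed": True}
    payload = {"PayloadType": "com.apple.TCC.configuration-profile-policy",
               "PayloadIdentifier": "com.example.pppc.splashtop.tcc",  # placeholder
               "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadVersion": 1,
               "Services": {"Accessibility": [entry]}}
    profile = {"PayloadType": "Configuration", "PayloadVersion": 1,
               "PayloadScope": "System", "PayloadOrganization": org,
               "PayloadDisplayName": "Splashtop Streamer PPPC",
               "PayloadIdentifier": "com.example.pppc.splashtop",  # placeholder
               "PayloadUUID": str(uuid.uuid4()).upper(),
               "PayloadContent": [payload]}
    return plistlib.dumps(profile)

if __name__ == "__main__":
    with open("splashtop-pppc.mobileconfig", "wb") as fh:
        fh.write(build_profile(BUNDLE_ID, CODE_REQ))
```

macOS only honors PPPC payloads delivered by a user-approved MDM, so the resulting file is meant for upload as a custom profile rather than for manual installation.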