> ## Documentation Index
> Fetch the complete documentation index at: https://docs.idemeum.com/llms.txt
> Use this file to discover all available pages before exploring further.

# SUDO control for macOS

> Automatically elevate SUDO commands on macOS with Endpoint Privilege Management

## Overview

When you remove local admin rights on macOS, users will not be able to use sudo on macOS workstations. If you need to allow sudo for certain users, you can create rules to automatically elevate sudo commands.

<img src="https://mintcdn.com/idemeum/iKppfFUhM6DR8oI_/images/CleanShot-2026-06-08-at-17.35.50@2x.png?fit=max&auto=format&n=iKppfFUhM6DR8oI_&q=85&s=7afc853b031a1e9e2130071e11bcf433" alt="Clean Shot 2026 06 08 At 17 35 50@2x" width="2810" height="2076" data-path="images/CleanShot-2026-06-08-at-17.35.50@2x.png" />

When your users are downgraded to standard user accounts you need to create a sudo rule. Create the following rule for sudo:

* Create a rule for sudo with a descriptive name
* Choose `sudo` for filename
* Use certificate elements to check for `Apple Inc.` in the organization attribute
* Allow application to execute and elevate
* Assign the rule to certain devices you need

<Frame>
  <img src="https://mintcdn.com/idemeum/iKppfFUhM6DR8oI_/images/CleanShot-2026-06-08-at-17.38.25@2x.png?fit=max&auto=format&n=iKppfFUhM6DR8oI_&q=85&s=fdc24668bbbad569000f10dfe700b6ff" alt="Clean Shot 2026 06 08 At 17 38 25@2x" width="1718" height="2926" data-path="images/CleanShot-2026-06-08-at-17.38.25@2x.png" />
</Frame>