> ## Documentation Index
> Fetch the complete documentation index at: https://specterops-bed-6715-managed-id-auth-method.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Privilege Zone Rules

> Jamf extension Privilege Zone rules

<img noZoom src="https://mintcdn.com/specterops-bed-6715-managed-id-auth-method/32bGxo1_JbXAaHjs/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=32bGxo1_JbXAaHjs&q=85&s=bb5b2bc8331220b968a23923bc289c26" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

The following Privilege Zone rules can be imported into BloodHound to group nodes for Cypher query analysis and BloodHound Enterprise finding generation.

<Info>
  This file is automatically generated from the [JSON Privilege Zone rule files](https://github.com/SpecterOps/openhound-jamf/tree/main/extension/privilege_zone_rules).
</Info>

## Tenant

Tenant nodes in Jamf Pro.

Zone: Tier Zero

```cypher theme={null}
MATCH (n:jamf_Tenant)
RETURN n
```

This rule is defined in the [tenant.json](https://github.com/SpecterOps/openhound-jamf/tree/main/extension/privilege_zone_rules/tenant.json) file.

## Tier Zero Principals

Accounts and group principals with 'Full Access' administrator privileges in the tenant and 'SSO' configuration if enabled.

Zone: Tier Zero

```cypher theme={null}
MATCH (n)
WHERE n.tier = 0
RETURN n
```

This rule is defined in the [tier0-principals.json](https://github.com/SpecterOps/openhound-jamf/tree/main/extension/privilege_zone_rules/tier0-principals.json) file.
