Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Device management (MDM) Endpoint operations Vulnerability management Integrations
Docs REST API Guides Built-in queries Data tables SUPPORT Chat Hosting Release notes Get your license Contribute
Community
Chat News Podcasts Articles Success stories COMPANY Handbook Logos/artwork Why open source?
Pricing Start now
All platforms
Windows
Linux
macOS
ChromeOS
search

A menu icon Tables {{numberOfTablesDisplayed}}

right chevron down chevron

Tables{{numberOfTablesDisplayed}}

macOS logo Windows logo Linux logo macOS logo

keychain​_acls

Applications that have ACL entries in the keychain. NOTE: osquery limits frequent access to keychain files. This limit is controlled by keychain_access_interval flag.

Column Type Description
authorizations text A space delimited set of authorization attributes
description text The description included with the ACL entry
keychain_path text The path of the keychain
label text An optional label tag that may be included with the keychain entry
path text The path of the authorized application

Example

Identify keychain items with permissions granted to Applications at the system or user level.

SELECT * FROM keychain_acls WHERE path LIKE '/System/Applications/%%' OR path LIKE '/Users/%%/Applications/%%';
Edit page

Need more help?

Slack logo Ask the community on Slack