It won’t be surprising to regular readers of Mac 911 that your faithful correspondent and his family routinely have trouble across their devices and services, some of which lead to columns in this fine publication. The only time that is jarring is when I search for a solution and find that I am apparently the definitive source for an answer–that doesn’t work for me.
That’s the case with resetting Privacy settings that allow non-Apple macOS apps to perform certain tasks that incur a privacy risk. For instance, Default Folder, Dropbox, and LaunchBar all require Accessibility access for how they interact with files in the Finder. Backblaze and Default Folder need Full Disk Access to backup or search across your volumes.
You find Privacy settings in macOS Monterey and earlier in System Preferences > Security & Privacy > Privacy, while macOS Ventura places them in System Settings > Privacy & Security under a Privacy heading.
As I wrote in June 2021, the preference database for a subset of privacy settings that relate to app-based permissions is fragile and can become corrupted for no good reason. In “How to fix macOS Accessibility permission when an app can’t be enabled,” I explained using a Terminal-based solution for resetting the underlying database in a pinch.
What happens when this columnist tries his own advice, provided by Jon Gotow, maker of Default Folder, and it fails? He emails Mr. Gotow again for more advice. Jon referred me to this excellent article by iOS developer Robin Kunde from 2020. Kunde digs into utilities and more esoteric ways to determine what’s wrong, but ends with a way to wipe the so-called TCC database (named after “Transparency, Consent, and Control,” apparently) that contains these preferences.
He advises restarting into recovering, mounting the data volume (required for macOS Catalina or later), and using a Terminal command to remove a file called TCC.db found at
"/Volumes/YOUR VOLUME HERE/Library/Application Support/com.apple.TCC/TCC.db".
I tried that—and my setup remained fully broken:
- Restarting didn’t help.
- Resetting the database from the Terminal didn’t help.
- Deleting the database didn’t help.
- Dragging items into the Accessibility or other panes didn’t result in them being added.
There’s one further step you can take, I have discovered. It’s fortunately not technically destructive, in that macOS recreates the pieces you need to delete.
As with all advice about deleting files that the system relies on, however, make sure you have a full Time Machine backup or clone, and proceed at your own risk.
Here’s how to proceed with a bit more handholding than Kunde’s blog:
- Restart into macOS Recovery. On an Intel Mac, choose > Restart and then hold down Command-R until macOS Recovery appears. On an M-series Mac, choose > Shut Down, wait for your Mac to power off, then hold down the power button until you see the Options gear icon appear or macOS says you can release the button. Click Options, and follow the prompts to enter a password for an administrator user shown.
- Click Disk Utility in macOS Recovery.
- Find your startup volume at left. Choose View > Show All Devices to make sure you can find it. On Mojave or earlier, select and mount your main startup volume if it’s not already mounted. On Catalina or later, select the data drive (a volume ending “- Data”) and mount it. You will be prompted for a password if you have FileVault enabled.
- Choose Disk Utility > Quit Disk Utility.
- Back in macOS Recovery, choose Utilities > Terminal.
- In Terminal, resize the window larger to make it easier to see all the output. Type
ls -l /Volumes and press Return to find the exact name of your startup volume or startup data volume.
- To avoid deleting files unintentionally, navigate down to the correct directory. Type
cd "/Volumes/YOUR VOLUME NAME/Library/Application Support/com.apple.TCC/" and press Return. (The quotation marks are critical, as there are spaces in the directories, and otherwise they aren’t processed correctly.)
ls and press Return to see what’s in the directory. It should contain two files:
- If that’s correct, delete two files by typing
rm AdhocSignatureCache plus Return and
rm TCC.db plus Return.
- Now type
cd .. and press Return to go up one level of the folder hierarchy. Type
rmdir com.apple.TCC to remove that directory. (It won’t work if it has any contents remaining.)
- Choose > Restart.
Here’s what this looks like as a transcript for my volume
Mister Electron. in steps 7 to 10 above. For successful operations except the
ls command, you will receive no feedback; you only get a response if something fails, like a file fails to be deleted.
# cd “/Volumes/Mister Electron - Data/Application Support/com.apple.TCC/”
# rm AdhocSignatureCache
# rm TCC.db
# cd ..
# rmdir com.apple.TCC
After you restart, you should be prompted by apps that need Privacy permissions. This time, when you navigate to the correct location, you should see a list of those apps and be able to check a box next to each of them.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently, along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to [email protected], including screen captures as appropriate and whether you want your full name used. Not every question will be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.