Add apps to "Files and Folders" permissions?

This is possible for MDM-managed Macs by pushing signed profiles to preemptively white-list signed applications.

The process is quite detailed, but it uses a well-documented profile setup (175 pages to cover the basics). We currently push about 20 items this way, so if you need to manage a lot of apps and a lot of Macs, this is possible, and once you have your tools in place, it is easy to add new profiles. This isn’t feasible for a few machines if you’re not running an MDM.

Look at the section on page 64:

  • https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf#page64

> Privacy Preferences Policy Control Payload
>
> The Privacy Preferences payload is designated by specifying com.apple.TCC.configuration-profile-policy value as the PayloadType value. It controls the settings that are displayed in the “Privacy” tab of the “Security & Privacy” pane in System Preferences. This profile must be delivered via a user approved MDM server in a device profile.

Here is a very not short (but as short as can be reasonably made) guide for an engineer or team thinking about adding this to your MDM.

  • https://derflounder.wordpress.com/2018/08/31/creating-privacy-preferences-policy-control-profiles-for-macos/

Here is an awesome tool for automating creation of your profiles:

  • https://github.com/carlashley/tccprofile
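
As an added illustration (not part of the answer above and not code from tccprofile), this sketch builds an unsigned profile with a `com.apple.TCC.configuration-profile-policy` payload that grants one app the "Files and Folders" services. The bundle ID, organization, payload identifier scheme and code requirement string are constructed placeholders; on a real Mac the requirement comes from `codesign -dr - /path/to/App.app`.

```python
import plistlib
import uuid

# "Files and Folders" service keys in the Privacy Preferences Policy Control payload.
FILES_AND_FOLDERS = {
    "SystemPolicyDesktopFolder", "SystemPolicyDocumentsFolder",
    "SystemPolicyDownloadsFolder", "SystemPolicyNetworkVolumes",
    "SystemPolicyRemovableVolumes",
}

def build_pppc_profile(bundle_id, code_requirement, services, org="Example Org"):
    """Return unsigned .mobileconfig bytes allowing bundle_id the given services."""
    unknown = set(services) - FILES_AND_FOLDERS
    if unknown:
        raise ValueError(f"not a Files and Folders service: {sorted(unknown)}")
    # Bind the grant to the app's signing identity, not only its bundle ID.
    if not code_requirement.strip():
        raise ValueError("a code requirement is mandatory")
    entry = {
        "Identifier": bundle_id,
        "IdentifierType": "bundleID",
        "CodeRequirement": code_requirement,
        "Allowed": True,  # newer macOS releases use "Authorization" instead
    }
    tcc_payload = {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": f"{bundle_id}.pppc.tcc",  # hypothetical naming scheme
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "Services": {svc: [dict(entry)] for svc in sorted(services)},
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadScope": "System",  # device-level profile, as the reference requires
        "PayloadIdentifier": f"{bundle_id}.pppc",  # hypothetical naming scheme
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": f"Files and Folders access for {bundle_id}",
        "PayloadOrganization": org,
        "PayloadContent": [tcc_payload],
    }
    return plistlib.dumps(profile)

if __name__ == "__main__":
    # Constructed sample values, not a real application or signing identity.
    req = 'identifier "com.example.editor" and anchor apple generic'
    xml = build_pppc_profile("com.example.editor", req,
                             ["SystemPolicyDocumentsFolder", "SystemPolicyDownloadsFolder"])
    print(xml.decode())
```

The output still has to be signed and delivered through a user-approved MDM server before macOS will honor it.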

Another answer elsewhere points to a new utility: https://github.com/jslegendre/tccplus

It does require SIP (and AMFI) to be disabled, but it may be the best hope.