What is the technical difference between Full disk access and Files & Folder access in Catalina

From security preferences pane we see below info

Full Disk access : Allow the apps below to access data like Mail, Messages, Safari, Home, Time Machine backups and certain administrartive settings for all users on this mac



Files and Folders access: Allow the apps below to access files and folders



What is restricted internally for each of these

Replies

There isn’t a concrete specification of what these facilities control because it has changed in the past (at least for Full Disk Access, which was a feature of 10.14) and is likely to change in the future. That makes it hard to answer general questions like this. Are you hitting a specific problem?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

In my Services automator script i am trying to save a keyNote file in temporary location , "/private/var/folders/0r/twy5tths4kjc08htlv15y9c40000gn/T/TemporaryItems/Untitled.key", This is the temporay path which i get using below Apple script statement "set the defaultDestinationFolder to (path to temporary items)".


Apple script statement to save :

save front document in file "/private/var/folders/0r/twy5tths4kjc08htlv15y9c40000gn/T/TemporaryItems/Untitled.key".


I see below error

The document “Untitled” could not be exported as “Untitled”. You don’t have permission.


When i checked system preferences there is KeyNote entry go created under Full Disk Access preferences pane, even If i enable this i am not able to save .


And i dont see any user consent popup when i am trying to access this location


As per catalina Documentation they havent mentioned anywhere that /private/var/folders is restricted, either in Full disk access or Files and Folders access.


I can change the location i save files, is there any temporary location in macOS which is user specific , safe and accessible




Any help is much appreciated. As catalina is already out, its high time to understand its security features

So, if you do the same thing and target a known privileged location, like the desktop, what happens?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

It throws user consent asking that user wants to access Desktop

I had the same problem, and I had to give Script Editor access to the whole disk, not the app that I was automating.