Re: You can't just open a Terminal and ls
Once you've approved it, you don't get bothered again.
No, you cannot grant FDA to something like ls(1) or other commands - or any scripts that you might write - at all. It can only be done for a properly notarized "app" written in a specific way.
And you seem to be looking at it from the point of view of a moderately technical (can configure stuff but does not write scripts?) individual Mac user. I did mention I dealt with enterprise. I don't need to tell anyone here that an organization wants to deploy security software to endpoints automatically and transparently. I am not aware of a way to silently grant Full Disk Access (or the right to filter network connections) even to a properly written application or system extension. The relevant boxes don't get checked. The most common escalated customer issue is that after deployment stuff (even stuff that does not look at the disk at all, but must have FDA according to Apple) does not work - at all - because individual Mac users don't check the boxes or press the right buttons - they don't know they need to.
Yes, it's once per Mac, but you may administer a lot of Macs, and when it does not happen even once on quite a few of them it stops being a minor irritation and becomes a big pain in parts of the anatomy.
Biting the hand that feeds IT
