UPDATED 2023-02-12. This how-to is now out of date for macOS Big Sur and newer. I’m leaving it up for archival reasons, since I don’t have to bandwidth to bring it up-to-date at the moment (it requires a lot of reboots and messing with system files). Check out more up-to-date writeups by Glenn Fleishman and Howard Oakley.

UPDATED 2022-03-22. I have not tested the TCC.db deletion procedure on Monterey, so the actual steps might differ now.

If you’re having issues with the privacy permissions system in macOS Catalina or newer versions, such as being unable to change the settings, there are several steps you can take to remedy the situation. These settings are currently stored in a SQLite database located at /Library/Application Support/com.apple.TCC/TCC.db.

tccutil

tccutil is a command line tool you can use to reset system privacy permissions for macOS apps. There’s some granularity here. You can reset individual permissions or all permissions, and you can make this change for individual apps or all apps.

Individual apps are identified through their bundle identifier. To get an app’s bundle ID from its name, you can use either of the following commands:

$ lsappinfo info -only bundleid "Google Chrome"
$ osascript -e 'id of app "Google Chrome"'

A list of individual permissions is not documented anywhere as far as I know, but you can currently get a rough idea by checking for certain strings in the TCC.framework. I’ve listed two different commands below as the exact location of the framework has changed between Catalina and Monterey.

$ strings /System/Library/PrivateFrameworks/TCC.framework/TCC | fgrep kTCCService | fgrep -v ' ' | sed -e s/kTCCService// | sort

or

$ strings /System/Library/PrivateFrameworks/TCC.framework/Support/tccd | fgrep kTCCService | fgrep -v ' ' | sed -e s/kTCCService// | sort

At the time of writing this post, the list contained the following entries:

Accessibility
AddressBook
All
AlwaysAllowedService.AppleEvents
AppleEvents
BluetoothAlways
BluetoothPeripheral
BluetoothWhileInUse
Calendar
Calls
Camera
ContactsFull
ContactsLimited
DeveloperTool
ExposureNotification
ExposureNotificationRegion
FaceID
Facebook
FallDetection
FileProviderDomain
FileProviderPresence
FocusStatus
GameCenterFriends
KeyboardNetwork
LinkedIn
ListenEvent
Liverpool
MSO
MediaLibrary
Microphone
Motion
NearbyInteraction
Photos
PhotosAdd
PostEvent
Prototype3Rights
Prototype4Rights
Reminders
ScreenCapture
SensorKitAmbientLightSensor
SensorKitBedSensing
SensorKitBedSensingWriting
SensorKitDeviceUsage
SensorKitElevation
SensorKitFacialMetrics
SensorKitForegroundAppCategory
SensorKitKeyboardMetrics
SensorKitLocationMetrics
SensorKitMessageUsage
SensorKitMotion
SensorKitMotionHeartRate
SensorKitOdometer
SensorKitPedometer
SensorKitPhoneUsage
SensorKitSoundDetection
SensorKitSpeechMetrics
SensorKitStrideCalibration
SensorKitWatchAmbientLightSensor
SensorKitWatchFallStats
SensorKitWatchForegroundAppCategory
SensorKitWatchHeartRate
SensorKitWatchMotion
SensorKitWatchOnWristState
SensorKitWatchPedometer
SensorKitWatchSpeechMetrics
ShareKit
SinaWeibo
Siri
SpeechRecognition
SystemPolicyAllFiles
SystemPolicyDesktopFolder
SystemPolicyDeveloperFiles
SystemPolicyDocumentsFolder
SystemPolicyDownloadsFolder
SystemPolicyNetworkVolumes
SystemPolicyRemovableVolumes
SystemPolicySysAdminFiles
TencentWeibo
Twitter
Ubiquity
UserAvailability
UserTracking
WebKitIntelligentTrackingPrevention
Willow

To reset the Camera permission for Google Chrome, you would use:

$ sudo tccutil reset Camera com.google.Chrome

To reset the Camera permission for all apps, you would use:

$ sudo tccutil reset Camera

To reset the all permissions for Google Chrome, you would use (note: keywords are case-sensitive):

$ sudo tccutil reset All com.google.Chrome

To reset the all permissions for all apps, you would use:

$ sudo tccutil reset All

Reset PRAM

If the above changes do not take effect immediately, you might have to reset your Mac’s PRAM. Instructions to do so can be found here.

Delete TCC database

If the changes still do not take effect, you can delete the entire permission database. This requires booting into recovery mode on your Intel or Apple Silicon Mac, as the file cannot be deleted while the OS is running. Do so at your own risk.

The steps are:

  1. Boot into reovery mode
  2. Use Disk Utility to mount your system and data partitions. They are listed on the left side under Internal and are named Macintosh HD and Macintosh HD - Data by default.
  3. Quit Disk Utility
  4. Open Terminal through the Utilities menu
  5. Delete database: 
    $ rm /Volumes/Macintosh\ HD/Library/Application\ Support/com.apple.TCC/TCC.db

    Note: If renamed your partition from the default name, the path will differ.

  6. Restart