Hotkey for automator service without giving permissions to all applications

automator, security

I have created an Automator workflow; then I have created a keyboard shortcut in the Keyboard Settings to run this as a Quick Action on a keypress.

All of this works. But the workflow seems to run in the security context of the application which was active when I pressed the hotkey.

The activity inside the service has nothing to do with the current application (it takes a screenshot and then does something with it); it doesn't access the "current" application in any way.

It needs to access the System Events, and thus security kicks in. I then have to enable access to those features for any application which happened to be in the foreground when I hit the hotkey.

Is it possible to avoid this – i.e. run my service in a context of its own?

EDIT for clarification: The workflow clicks menus of applications, and sends keystrokes.

... take a screenshot ...
... startup GIMP ...

tell application "System Events"
    tell process "GIMP-2.10"

...
        click menu item "From Clipboard" of menu 1 of menu item "Create" of menu 1 of menu bar item "File" of menu bar 1

...
        keystroke " "
...

As an example, say I press the hotkey while Emacs is in front. I then get a security prompt asking me to allow some security aspects for Emacs. I neither want to give Emacs any permissions, nor do I want to repeat this for any other application which might be in focus when I take a screenshot later.

Best Answer

I had the same issue. What worked for me:

1: Saving the Automator workflow as an application (File > Convert To > Application. Save > File Format = Application).

2: Then creating a separate Automator Quick Action with the sole purpose of launching the application created in 1 (File > New > Quick Action. Save normally as a workflow.).

The application containing the target workflow (1) will then need to be given Accessibility permissions via the usual (Security and Privacy > Privacy > Accessibility) and the key shortcut should be bound to the workflow (2) as you described.

This successfully bypasses the security settings of the currently active application by running the workflow in a self-contained app (with its own Accessibility preferences), negating the need for multiple permissions.
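
The following is an added example, not code from the question or the answer: a possible body for the "Run AppleScript" action inside the application from step 1, so that the single Accessibility grant stays scoped to that one app and the script stops cleanly when the grant is missing. The process name and menu path are taken from the question; the `screencapture` flags, the dialog texts, and the assumption that GIMP is already running are choices made for this sketch.

```applescript
-- Added example (not the original poster's workflow).
-- Runs inside the Automator application from step 1, which is the only
-- item that needs an entry under Privacy > Accessibility.
on run {input, parameters}
	-- Ask System Events whether UI scripting is available to this app.
	-- Stop with an explanation instead of failing halfway through.
	tell application "System Events"
		set uiScriptingAllowed to UI elements enabled
	end tell
	if not uiScriptingAllowed then
		display dialog "This application has no Accessibility access. Enable it under Security and Privacy > Privacy > Accessibility, then run it again." buttons {"OK"} default button "OK" with icon stop
		return input
	end if

	-- Interactive capture straight to the clipboard (-i, -c); nothing is
	-- written to disk. A cancelled capture exits non-zero, so treat any
	-- error here as "user aborted" and do nothing further.
	try
		do shell script "/usr/sbin/screencapture -i -c"
	on error
		return input
	end try

	tell application "System Events"
		-- Assumption: GIMP is already running under the process name
		-- used in the question.
		if not (exists process "GIMP-2.10") then
			display dialog "GIMP is not running." buttons {"OK"} default button "OK" with icon caution
			return input
		end if
		tell process "GIMP-2.10"
			set frontmost to true
			-- Menu path copied from the question.
			click menu item "From Clipboard" of menu 1 of menu item "Create" of menu 1 of menu bar item "File" of menu bar 1
		end tell
	end tell
	return input
end run
```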