Granting USB camera access on a single Mac to four people takes a bit of care. The cleanest setup is separate local accounts, no admin rights, and camera access only where it is needed. That keeps the setup tight enough to audit without making it miserable to use.
Create local accounts for the four users and keep them non-admin. If you want to script account creation from the command line, use sysadminctl:
sudo sysadminctl -addUser username -fullName "Full Name" -password 'Passw0rd'
Remove admin rights from other accounts with dseditgroup:
sudo dseditgroup -o edit -d otheruser -t user admin
Non-admin users are harder to wander off with camera settings or install something awkward that gets in the way.
Camera permissions on macOS are set at app level. Open System Settings, go to Privacy & Security, then Camera, and allow only the apps the four users need. If the same apps are used for all four accounts, approve those apps in each account. In an MDM setup, push a Privacy Preferences Policy Control profile instead. That lets you approve an app for camera access without prompting each user, but it depends on the MDM and the app’s code-signing details.
macOS does not have a simple per-user switch for a single USB camera. It handles camera permissions per app and per user. That is why local accounts plus app permissions are the least painful route. If you need to go lower level, you can edit the TCC database, but that is not a casual fix. It can mean disabling System Integrity Protection and it can break updates. I would not touch that unless you already know why you are there.
If you need stricter control, use the hardware as well. A powered USB hub with per-port switches lets you cut the camera off without logging into the Mac. A cheap USB switch between the camera and the Mac works too on a shared desk. If you have MDM, you can also apply a device-level camera restriction. That is useful when the camera should not be used at all, but it is still a blunt switch for the whole Mac, not a way to limit access to just four people.
For anything beyond app permissions, combine the controls. Keep the camera connected only when it is needed. A small script or a launchd job can watch for the camera process and apply your own session rules. On macOS the camera service runs as VDCAssistant while it is active. You can check for it with:
ps aux | grep VDCAssistant
Log camera use from the system log and keep those logs for auditing. If an unauthorised account tries to use the camera, you can trigger an alert or force a logout. At scale, send the relevant logs to a central collector.
For the four-user case, the practical setup is simple: create the four non-admin accounts, approve only the required apps in System Settings or through PPPC, remove admin rights from everything else, and put the camera on a powered USB hub with a switch. If you have MDM, schedule a profile that disables the camera outside working hours and allows it during booked sessions. Keep a short runbook with the account names, approved apps, log locations, and the physical disconnect method.
macOS handles privacy per user and per app, not per camera in the way people usually want. Separate accounts handle identity, app permissions and PPPC handle the software side, and the USB switch handles the hardware side. Put the three together and you get something practical enough to live with.




