Can macOS apps with entitlements be developed locally without deployment privileges?

I am developing a suite of apps/helpers that get built into an installer package for deployment (outside The App Store). We have that release process ± working, except that most of the development team members are not admins/privileged on the team. They don't really need to publish on behalf of the team, and so we don't want to have debug builds also depend on being signed as "Developer ID Application". But that is running into problems…

If I select instead "Sign to Run Locally" this results in an error for some of the build products along the lines of:

[Build Target] requires a provisioning profile. Enable development signing and select a provisioning profile in the Signing & Capabilities editor.

If I select "Apple Development" as the Code Signing Identity it leaves me with basically the same error as "Developer ID Application" does:

Provisioning profile [Name of App/Helper] doesn't include signing certificate "Apple Development: [Name of Developer] ([TEAMID])"

And finally, if I simply set the Debug value for Provisioning Profile to "None" for the problematic products I get errors like:

"[Name of app]" requires a provisioning profile. Select a provisioning profile in the Signing & Capabilities editor.

I believe perhaps because some of the targets have an entitlements file granting access to various things (their own XPC services, their own shared preferences, as well as Outgoing Network Connections and com.apple.security.smartcard access…).

In older versions of Xcode and/or macOS we didn't have trouble like this; local development could be done by basically any team member. Now it seems like maybe all developers need to have release-signing privileges to test/debug even on their own machines? Or is there a combination I'm missing, that would allow anyone on the team (or perhaps not even on the team) to build and debug the code locally, while still limiting who is able to actually sign notarized release builds on behalf of the team?

I recommend Apple Development for day-to-day development [1]. It should be possible to set up your team to make that process smooth, especially when using Xcode’s automatic code signing. Developer > Support > Articles > Program Roles explains how your role in the team affects your ability to manage signing assets.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Sign to Run Locally (that is, ad-hoc code signing) has two drawbacks:

As for Developer ID, I have an entire post that discusses that: The Care and Feeding of Developer ID.
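
The "doesn't include signing certificate" error quoted in the question means the developer's certificate is not among those embedded in the provisioning profile. As an added example (not part of the original thread), the Python below checks that for a profile already decoded with `security cms -D -i`; the function names, the sample profile and the placeholder certificate bytes are constructed for illustration.

```python
import hashlib
import plistlib
from datetime import datetime


def fingerprint(der: bytes) -> str:
    """Hex SHA-1 of a DER certificate, the form `security find-identity` prints."""
    return hashlib.sha1(der).hexdigest().upper()


def inspect_profile(decoded_plist: bytes, identity_sha1: str, now: datetime) -> dict:
    """Report whether a decoded provisioning profile covers a signing identity.

    decoded_plist: the plist inside the profile, e.g. the output of
                   `security cms -D -i <file>.provisionprofile`.
    identity_sha1: the hash shown by `security find-identity -v -p codesigning`.
    """
    profile = plistlib.loads(decoded_plist)
    # Each DeveloperCertificates entry is one DER-encoded certificate.
    embedded = {fingerprint(der) for der in profile.get("DeveloperCertificates", [])}
    return {
        "name": profile.get("Name"),
        "team": profile.get("TeamIdentifier", []),
        "includes_identity": identity_sha1.replace(" ", "").upper() in embedded,
        "expired": profile["ExpirationDate"] < now,
        "entitlements": sorted(profile.get("Entitlements", {})),
    }


# Constructed sample: placeholder bytes stand in for real DER certificates.
ALICE_CERT = b"constructed-cert-alice"   # embedded in the profile
BOB_CERT = b"constructed-cert-bob"       # valid team member, but not in the profile
NOW = datetime(2024, 1, 1)
SAMPLE_PROFILE = plistlib.dumps({
    "Name": "Example Helper Development",
    "TeamIdentifier": ["TEAMID0000"],
    "ExpirationDate": datetime(2030, 1, 1),
    "DeveloperCertificates": [ALICE_CERT],
    "Entitlements": {"com.apple.developer.team-identifier": "TEAMID0000"},
})

if __name__ == "__main__":
    for who, cert in (("alice", ALICE_CERT), ("bob", BOB_CERT)):
        report = inspect_profile(SAMPLE_PROFILE, fingerprint(cert), NOW)
        status = "ok" if report["includes_identity"] else "certificate not in profile"
        print(f"{who}: {report['name']} -> {status}, expired={report['expired']}")
```

A developer whose certificate is reported as missing needs the profile regenerated with that certificate included; the check itself grants no signing ability.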
