# Ability Access Control

> **NOTE**
>
> The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version.

## Modules to Import

```js
import abilityAccessCtrl from '@ohos.abilityAccessCtrl'
```

## abilityAccessCtrl.createAtManager

createAtManager(): AtManager

Creates an **AtManager** instance, which is used for ability access control.

**System capability**: SystemCapability.Security.AccessToken

**Return value**

| Type| Description|
| -------- | -------- |
| [AtManager](#atmanager) | **AtManager** instance obtained.|

**Example**

```js
var AtManager = abilityAccessCtrl.createAtManager();
```

## AtManager

Implements ability access control.

### verifyAccessToken

verifyAccessToken(tokenID: number, permissionName: string): Promise<GrantStatus>

Checks whether an application has been granted the specified permission. This API uses a promise to return the result.

**System capability**: SystemCapability.Security.AccessToken

**Parameters**

| Name | Type | Mandatory| Description |
| -------- | ------------------- | ---- | ------------------------------------------ |
| tokenID | number | Yes | ID of the application. |
| permissionName | string | Yes | Name of the permission to verify.|

**Return value**

| Type | Description |
| :------------ | :---------------------------------- |
| Promise<GrantStatus> | Promise instance used to return the result.|

**Example**

```js
var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0; // Placeholder; use the token ID of the application to check.
let promise = AtManager.verifyAccessToken(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
promise.then(data => {
    console.log(`promise: data->${JSON.stringify(data)}`);
});
```

### grantUserGrantedPermission

grantUserGrantedPermission(tokenID: number, permissionName: string, permissionFlag: number): Promise<number>

Grants a user-granted permission to an application. This API uses a promise to return the result.

This is a system API.

**Required permissions**: ohos.permission.GRANT_SENSITIVE_PERMISSIONS

**System capability**: SystemCapability.Security.AccessToken

**Parameters**

| Name | Type | Mandatory| Description |
| --------- | ------------------- | ---- | ------------------------------------------------------------ |
| tokenID | number | Yes | ID of the application. |
| permissionName | string | Yes | Name of the permission to grant.|
| permissionFlag | number | Yes | Permission flag. The value **1** means that a dialog box will still be displayed after the user grants or denies the permission. The value **2** means that no dialog box will be displayed after the user grants or denies the permission. The value **3** means a system permission that cannot be changed. |

**Return value**

| Type | Description |
| :------------ | :---------------------------------- |
| Promise<number> | Promise instance used to return the result.|

**Example**

```js
var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0; // Placeholder; use the token ID of the target application.
let permissionFlag = 1; // Mandatory third argument; see the parameter table.
let promise = AtManager.grantUserGrantedPermission(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", permissionFlag);
promise.then(data => {
    console.log(`promise: data->${JSON.stringify(data)}`);
});
```

### grantUserGrantedPermission

grantUserGrantedPermission(tokenID: number, permissionName: string, permissionFlag: number, callback: AsyncCallback<number>): void

Grants a user-granted permission to an application. This API uses an asynchronous callback to return the result.

This is a system API.

**Required permissions**: ohos.permission.GRANT_SENSITIVE_PERMISSIONS

**System capability**: SystemCapability.Security.AccessToken

**Parameters**

| Name | Type | Mandatory| Description |
| --------- | ------------------- | ---- | ------------------------------------------------------------ |
| tokenID | number | Yes | ID of the application. |
| permissionName | string | Yes | Name of the permission to grant.|
| permissionFlag | number | Yes | Permission flag. The value **1** means that a dialog box will still be displayed after the user grants or denies the permission. The value **2** means that no dialog box will be displayed after the user grants or denies the permission. The value **3** means a system permission that cannot be changed. |
| callback | AsyncCallback<number> | Yes| Callback used to return the result.|

**Example**

```js
var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0; // Placeholder; use the token ID of the target application.
let permissionFlag = 1;
// AsyncCallback passes the error first and the result second.
AtManager.grantUserGrantedPermission(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", permissionFlag, (err, data) => {
    console.log(`callback: err->${JSON.stringify(err)}, data->${JSON.stringify(data)}`);
});
```

### revokeUserGrantedPermission

revokeUserGrantedPermission(tokenID: number, permissionName: string, permissionFlag: number): Promise<number>

Revokes a user-granted permission given to an application. This API uses a promise to return the result.

This is a system API.

**Required permissions**: ohos.permission.REVOKE_SENSITIVE_PERMISSIONS

**System capability**: SystemCapability.Security.AccessToken

**Parameters**

| Name | Type | Mandatory| Description |
| --------- | ------------------- | ---- | ------------------------------------------------------------ |
| tokenID | number | Yes | ID of the application. |
| permissionName | string | Yes | Name of the permission to revoke.|
| permissionFlag | number | Yes | Permission flag. The value **1** means that a dialog box will still be displayed after the user grants or denies the permission. The value **2** means that no dialog box will be displayed after the user grants or denies the permission. The value **3** means a system permission that cannot be changed. |

**Return value**

| Type | Description |
| :------------ | :---------------------------------- |
| Promise<number> | Promise instance used to return the result.|

**Example**

```js
var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0; // Placeholder; use the token ID of the target application.
let permissionFlag = 1;
let promise = AtManager.revokeUserGrantedPermission(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", permissionFlag);
promise.then(data => {
    console.log(`promise: data->${JSON.stringify(data)}`);
});
```

### revokeUserGrantedPermission

revokeUserGrantedPermission(tokenID: number, permissionName: string, permissionFlag: number, callback: AsyncCallback<number>): void

Revokes a user-granted permission given to an application. This API uses an asynchronous callback to return the result.

This is a system API.

**Required permissions**: ohos.permission.REVOKE_SENSITIVE_PERMISSIONS

**System capability**: SystemCapability.Security.AccessToken

**Parameters**

| Name | Type | Mandatory| Description |
| --------- | ------------------- | ---- | ------------------------------------------------------------ |
| tokenID | number | Yes | ID of the application. |
| permissionName | string | Yes | Name of the permission to revoke.|
| permissionFlag | number | Yes | Permission flag. The value **1** means that a dialog box will still be displayed after the user grants or denies the permission. The value **2** means that no dialog box will be displayed after the user grants or denies the permission. The value **3** means a system permission that cannot be changed. |
| callback | AsyncCallback<number> | Yes| Callback used to return the result.|

**Example**

```js
var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0; // Placeholder; use the token ID of the target application.
let permissionFlag = 1; // Was undefined in the original snippet.
// AsyncCallback passes the error first and the result second.
AtManager.revokeUserGrantedPermission(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", permissionFlag, (err, data) => {
    console.log(`callback: err->${JSON.stringify(err)}, data->${JSON.stringify(data)}`);
});
```

### getPermissionFlags

getPermissionFlags(tokenID: number, permissionName: string): Promise<number>

Obtains the flags of the specified permission of a given application. This API uses a promise to return the result.

This is a system API.

**Required permissions**: ohos.permission.GET_SENSITIVE_PERMISSIONS, ohos.permission.GRANT_SENSITIVE_PERMISSIONS, or ohos.permission.REVOKE_SENSITIVE_PERMISSIONS

**System capability**: SystemCapability.Security.AccessToken

**Parameters**

| Name | Type | Mandatory| Description |
| --------- | ------------------- | ---- | ------------------------------------------------------------ |
| tokenID | number | Yes | ID of the application. |
| permissionName | string | Yes | Name of the permission to query.|

**Return value**

| Type | Description |
| :------------ | :---------------------------------- |
| Promise<number> | Promise instance used to return the result.|

**Example**

```js
var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0; // Placeholder; use the token ID of the target application.
let promise = AtManager.getPermissionFlags(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
promise.then(data => {
    console.log(`promise: data->${JSON.stringify(data)}`);
});
```

### GrantStatus

Enumerates the permission grant states.

**System capability**: SystemCapability.Security.AccessToken

| Name | Default Value | Description |
| ----------------------------- | ---------------------- | ----------------------- |
| PERMISSION_DENIED | -1 | Permission denied. |
| PERMISSION_GRANTED | 0 | Permission granted. |
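
The **GrantStatus** values matter when code gates on the result of **verifyAccessToken**: **PERMISSION_GRANTED** is 0, which is falsy in JavaScript, while **PERMISSION_DENIED** is -1, which is truthy. The following is an added example, not part of the original reference or the project's code. It uses a constructed stub in place of `abilityAccessCtrl.createAtManager()` so that it runs off-device; `createStubAtManager`, `isGrantedTruthy`, `isGranted`, `demo`, and the token IDs 1001 and 1002 are hypothetical names and values.

```javascript
// Values copied from the GrantStatus table above.
const GrantStatus = Object.freeze({ PERMISSION_DENIED: -1, PERMISSION_GRANTED: 0 });

// Constructed stand-in for abilityAccessCtrl.createAtManager() so the example
// runs off-device; only the verifyAccessToken signature comes from this page.
function createStubAtManager(grants) {
  return {
    verifyAccessToken(tokenID, permissionName) {
      if (!Number.isInteger(tokenID)) {
        return Promise.reject(new Error('invalid tokenID'));
      }
      const granted = (grants[tokenID] || []).includes(permissionName);
      return Promise.resolve(
        granted ? GrantStatus.PERMISSION_GRANTED : GrantStatus.PERMISSION_DENIED);
    }
  };
}

// Fail-open bug: PERMISSION_GRANTED is 0 (falsy) and PERMISSION_DENIED is -1
// (truthy), so a boolean test on the status inverts the access decision.
async function isGrantedTruthy(atManager, tokenID, permissionName) {
  return Boolean(await atManager.verifyAccessToken(tokenID, permissionName));
}

// Fail-closed check: only an exact PERMISSION_GRANTED allows access; a denied
// status, an unexpected value, or a rejected promise all count as "no".
async function isGranted(atManager, tokenID, permissionName) {
  try {
    const status = await atManager.verifyAccessToken(tokenID, permissionName);
    return status === GrantStatus.PERMISSION_GRANTED;
  } catch (err) {
    return false;
  }
}

// Constructed sample data: token 1001 holds the permission, token 1002 does not.
async function demo() {
  const perm = 'ohos.permission.GRANT_SENSITIVE_PERMISSIONS';
  const atManager = createStubAtManager({ 1001: [perm] });
  return {
    buggyHolder: await isGrantedTruthy(atManager, 1001, perm),
    buggyNonHolder: await isGrantedTruthy(atManager, 1002, perm),
    strictHolder: await isGranted(atManager, 1001, perm),
    strictNonHolder: await isGranted(atManager, 1002, perm),
    strictBadToken: await isGranted(atManager, 'not-a-token', perm)
  };
}

demo().then(result => console.log(JSON.stringify(result)));
```

On a device, pass the object returned by `abilityAccessCtrl.createAtManager()` to `isGranted` instead of the stub.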