• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# DataAbility Permission Control
2
3
4The DataAbility uses permission control to determine whether an ability can access the data service it provides. There are static and dynamic permission controls.
5
6
7## Static Permission Control
8
9The DataAbility functions as the server. When being started, the DataAbility verifies the client permissions against the settings of the optional fields **readPermission**, **writePermission**, and **Permission** fields in the **config.json** file. The following is an example:
10
11
12```json
13"abilities": [{
14  "srcPath": "DataAbility",
15  "name": ".DataAbility",
16  "icon": "$media:icon",
17  "srcLanguage": "ets",
18  "description": "$string:description_dataability",
19  "type": "data",
20  "visible": true,
21  "uri": "dataability://ohos.samples.etsdataability.DataAbility",
22  "readPermission":"ohos.permission.READ_CONTACTS",
23  "writePermission":"ohos.permission.WRITE_CONTACTS"
24}]
25```
26
27The client permission is configured in **reqPermissions** under **module** in the **config.json** file. The following is an example:
28
29
30```json
31{
32  "module": {
33    "reqPermissions":{
34      {
35        "name":"ohos.permission.READ_CONTACTS"
36      },
37      {
38        "name":"ohos.permission.WRITE_CONTACTS"
39      }
40    }
41  }
42}
43```
44
45
46## Dynamic Permission Control
47
48Static permission control determines whether a DataAbility can be started by another ability or application. It does not verify the permission of each read/write interface.
49
50Dynamic permission control verifies whether the client has the corresponding permission for every read/write interface. The table below lists the permissions required for calling these interfaces.
51
52**Table 1** Permission configuration for data read/write interfaces
53
54| Interface with the Read Permission| Interface with the Write Permission| Interface with the Read/Write Permission Based on Actual Requirements|
55| -------- | -------- | -------- |
56| query, normalizeUri, denormalizeUri, openfile (with **mode** set to **'r'**)| insert, batchInsert, delete, update, openfile (with **mode** set to **'w'**)| executeBatch |
57
58For interfaces that require the read permission, the server must have **readPermission** specified, and the client must obtain the read permission before calling them.
59
60For interfaces that require the write permission, the server must have **writePermission** specified, and the client must obtain the write permission before calling them.
61