# @ohos.enterprise.adminManager (Enterprise Device Management) The **adminManager** module provides enterprise device management capabilities so that devices have the custom capabilities required in enterprise settings. > **NOTE** > > The initial APIs of this module are supported since API version 12. Newly added APIs will be marked with a superscript to indicate their earliest API version. > > The APIs of this module are available only to [device administrator applications](../../mdm/mdm-kit-guide.md#introduction). ## Modules to Import ```ts import { adminManager } from '@kit.MDMKit'; ``` ## adminManager.disableAdmin disableAdmin(admin: Want, userId?: number): Promise\ Disables an administrator application for the user specified by the device. This API uses a promise to return the result. **Required permissions**: ohos.permission.MANAGE_ENTERPRISE_DEVICE_ADMIN **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Model restriction**: This API can be used only in the stage model. **Parameters** | Name| Type | Mandatory| Description | | ------ | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility. | | userId | number | No | User ID, which must be greater than or equal to 0.
- If **userId** is passed in, this API applies to the specified user.
- If **userId** is not passed in, this API applies to the current user.| **Return value** | Type | Description | | -------------- | ------------------------------------------------------------ | | Promise\ | Promise that returns no value. If the operation fails, an error object will be thrown.| **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200005 | Failed to deactivate the administrator application of the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; import { BusinessError } from '@kit.BasicServicesKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; adminManager.disableAdmin(wantTemp, 100).catch((err: BusinessError) => { console.error(`Failed to disable admin. Code: ${err.code}, message: ${err.message}`); }); ``` ## adminManager.subscribeManagedEventSync subscribeManagedEventSync(admin: Want, managedEvents: Array\): void Subscribes to system management events. **Required permissions**: ohos.permission.ENTERPRISE_SUBSCRIBE_MANAGED_EVENT **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Model restriction**: This API can be used only in the stage model. **Parameters** | Name | Type | Mandatory| Description | | ------------- | ------------------------------------------------------- | ---- | ---------------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility.| | managedEvents | Array\<[ManagedEvent](#managedevent)> | Yes | Array of events to subscribe to. | **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200008 | The specified system event is invalid. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; let events: Array = [adminManager.ManagedEvent.MANAGED_EVENT_BUNDLE_ADDED, adminManager.ManagedEvent.MANAGED_EVENT_BUNDLE_REMOVED]; try { adminManager.subscribeManagedEventSync(wantTemp, events); console.info('Succeeded in subscribing managed event.'); } catch (err) { console.error(`Failed to subscribe managed event. Code: ${err.code}, message: ${err.message}`); } ``` ## adminManager.unsubscribeManagedEventSync unsubscribeManagedEventSync(admin: Want, managedEvents: Array\): void Unsubscribes from system management events. **Required permissions**: ohos.permission.ENTERPRISE_SUBSCRIBE_MANAGED_EVENT **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Model restriction**: This API can be used only in the stage model. **Parameters** | Name | Type | Mandatory| Description | | ------------- | ------------------------------------------------------- | ---- | ---------------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility.| | managedEvents | Array\<[ManagedEvent](#managedevent)> | Yes | Array of events to unsubscribe from. | **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200008 | The specified system event is invalid. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; let events: Array = [adminManager.ManagedEvent.MANAGED_EVENT_BUNDLE_ADDED, adminManager.ManagedEvent.MANAGED_EVENT_BUNDLE_REMOVED]; try { adminManager.unsubscribeManagedEventSync(wantTemp, events); console.info('Succeeded in unsubscribing managed event.'); } catch (err) { console.error(`Failed to unsubscribe managed event. Code: ${err.code}, message: ${err.message}`); } ``` ## adminManager.setDelegatedPolicies14+ setDelegatedPolicies(admin: Want, bundleName: string, policies: Array<string>): void Delegates other applications to set device management policies. **Required permission**: ohos.permission.ENTERPRISE_MANAGE_DELEGATED_POLICY **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Model restriction**: This API can be used only in the stage model. **Parameters** | Name | Type | Mandatory| Description | | ------------- | ------------------------------------------------------- | ---- | ------------------ | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility.| | bundleName | string | Yes | Bundle name of the delegated application. Only **enterprise_mdm** and **enterprise_normal** applications are supported. For details about the application distribution types, see [Guide](https://gitee.com/nezha-father/docs/blob/master/en/application-dev/security/app-provision-structure.md).| | policies | Array<string> | Yes | [Delegation Policy List](#delegation-policy-list)| **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 9200009 | Failed to grant the permission to the application. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let admin: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; let policies: Array = ["disabled_hdc"]; try { adminManager.setDelegatedPolicies(admin, "com.example.enterprise.xxx", policies); console.info('Succeeded in setting delegated policies.'); } catch (err) { console.error(`Failed to set delegated policies. Code: ${err.code}, message: ${err.message}`); } ``` ## adminManager.getDelegatedPolicies14+ getDelegatedPolicies(admin: Want, bundleName: string): Array<string> Queries the list of policies that can be accessed by the delegated application. **Required permission**: ohos.permission.ENTERPRISE_MANAGE_DELEGATED_POLICY **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Model restriction**: This API can be used only in the stage model. **Parameters** | Name | Type | Mandatory| Description | | ---------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility. | | bundleName | string | Yes | Bundle name of the delegated application. Only **enterprise_mdm** and **enterprise_normal** applications are supported. For details about the application distribution types, see [Guide](https://gitee.com/nezha-father/docs/blob/master/en/application-dev/security/app-provision-structure.md).| **Return value** | Type | Description | | --------------------- | ------------------------- | | Array<string> | Delegation policy list.| **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let admin: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let policies: Array = adminManager.getDelegatedPolicies(admin, "com.example.enterprise.xxx"); console.info(`Succeeded in getting delegated policies.${JSON.stringify(policies)}`); } catch (err) { console.error(`Failed to get delegated policies. Code: ${err.code}, message: ${err.message}`); } ``` ## adminManager.getDelegatedBundleNames14+ getDelegatedBundleNames(admin: Want, policy: string): Array<string> Queries the delegated applications that can access a delegation policy and output the list of delegated applications. **Required permission**: ohos.permission.ENTERPRISE_MANAGE_DELEGATED_POLICY **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Model restriction**: This API can be used only in the stage model. **Parameters** | Name | Type | Mandatory| Description | | ------------- | ------------------------------------------------------- | ---- | ------------------ | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility.| | policy | string | Yes | Delegation policy.| **Return value** | Type | Description | | --------------------- | ------------------------- | | Array<string> | List of delegated applications.| **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let admin: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let bundleNames: Array = adminManager.getDelegatedBundleNames(admin, "disabled_hdc"); console.info(`Succeeded in getting delegated bundles.${JSON.stringify(bundleNames)}`); } catch (err) { console.error(`Failed to get delegated bundles. Code: ${err.code}, message: ${err.message}`); } ``` ## adminManager.startAdminProvision15+ startAdminProvision(admin: Want, type: AdminType, context: common.Context, parameters: Record\): void Enables the device administrator application to open a page for the BYOD administrator to perform activation. **Required permission**: ohos.permission.START_PROVISIONING_MESSAGE **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Model restriction**: This API can be used only in the stage model. **Parameters** | Name | Type | Mandatory | Description | | ----- | ----------------------------------- | ---- | ------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility.| | type | [AdminType](#admintype15) | Yes | Type of the activated device administrator application. Only the ADMIN_TYPE_BYOD type is supported. | | context | [common.Context](../apis-ability-kit/js-apis-app-ability-common.md) | Yes| Context information of the administrator application.| | parameters | Record\ | Yes| Custom parameters. The key value must contain **activateId**.| **Error codes** For details about the error codes, see [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | ------- | ----------------------------------------------------- | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { common, Want } from '@kit.AbilityKit'; import adminManager from '@ohos.enterprise.adminManager'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; let context = getContext(this) as common.UIAbilityContext; let recordParameters: Record = { "activateId": "activateId testValue", "customizedInfo": "customizedInfo testValue" } try { console.info('context:' + JSON.stringify(context)); adminManager.startAdminProvision(wantTemp, adminManager.AdminType.ADMIN_TYPE_BYOD, context, recordParameters); console.info('startAdminProvision::success'); } catch (error) { console.info('startAdminProvision::errorCode: ' + error.code + ' errorMessage: ' + error.message); } ``` ## ManagedEvent Enumerates the system management events that can be subscribed to. **System capability**: SystemCapability.Customization.EnterpriseDeviceManager | Name | Value | Description | | -------------------------------------------- | ---- | -------------- | | MANAGED_EVENT_BUNDLE_ADDED | 0 | An application is installed.| | MANAGED_EVENT_BUNDLE_REMOVED | 1 | An application is uninstalled.| | MANAGED_EVENT_APP_START | 2 | An application is started.| | MANAGED_EVENT_APP_STOP | 3 | An application is stopped.| | MANAGED_EVENT_SYSTEM_UPDATE | 4 | The system is updated.| | MANAGED_EVENT_ACCOUNT_ADDED18+ | 5 | An account is created.| | MANAGED_EVENT_ACCOUNT_SWITCHED18+ | 6 | An account is switched.| | MANAGED_EVENT_ACCOUNT_REMOVED18+ | 7 | An account is removed.| ## AdminType15+ Enumerates the types of device administrator applications. **System capability**: SystemCapability.Customization.EnterpriseDeviceManager | Name | Value | Description | | ----------------- | ---- | ----- | | ADMIN_TYPE_BYOD | 0x02 | BYOD device administrator application.| ## Appendix ### Delegation Policy List | Policy Name| API | Description| | --- | --- | --- | |disallow_add_local_account| [accountManager.disallowOsAccountAddition](js-apis-enterprise-accountManager.md#accountmanagerdisallowosaccountaddition)
[accountManager.isOsAccountAdditionDisallowed](js-apis-enterprise-accountManager.md#accountmanagerisosaccountadditiondisallowed) | Does not accept the **accountId** parameter, and disallows the device to create a local user.
Does not accept the **accountId** parameter, and checks whether to disallow the device to create a local user.| |disallow_add_os_account_by_user| [accountManager.disallowOsAccountAddition](js-apis-enterprise-accountManager.md#accountmanagerdisallowosaccountaddition)
[accountManager.isOsAccountAdditionDisallowed](js-apis-enterprise-accountManager.md#accountmanagerisosaccountadditiondisallowed) | Accepts the **accountId** parameter, and disallows the specified user to add accounts.
Accepts the **accountId** parameter, and checks whether to disallow the specified user to add accounts.| |disallow_running_bundles|[applicationManager.addDisallowedRunningBundlesSync](js-apis-enterprise-applicationManager.md#applicationmanageradddisallowedrunningbundlessync)
[applicationManager.removeDisallowedRunningBundlesSync](js-apis-enterprise-applicationManager.md#applicationmanagerremovedisallowedrunningbundlessync)
[applicationManager.getDisallowedRunningBundlesSync](js-apis-enterprise-applicationManager.md#applicationmanagergetdisallowedrunningbundlessync)|Adds applications to the application blocklist. These applications are disallowed to run by the current or specified user.
Removes applications from the application blocklist.
Obtains the application blocklist of the current user or a specified user.| |manage_auto_start_apps|[applicationManager.addAutoStartApps](js-apis-enterprise-applicationManager.md#applicationmanageraddautostartapps)
[applicationManager.removeAutoStartApps](js-apis-enterprise-applicationManager.md#applicationmanagerremoveautostartapps)
[applicationManager.getAutoStartApps](js-apis-enterprise-applicationManager.md#applicationmanagergetautostartapps)|Adds the list of auto-start applications upon system startup. Currently, this capability supports only 2-in-1 devices.
Removes an app from the auto-startup app list. Currently, this capability supports only 2-in-1 devices.
Queries the list of auto-start applications upon system startup. Currently, this capability supports only 2-in-1 devices.| |allowed_bluetooth_devices|[bluetoothManager.addAllowedBluetoothDevices](js-apis-enterprise-bluetoothManager.md#bluetoothmanageraddallowedbluetoothdevices)
[bluetoothManager.removeAllowedBluetoothDevices](js-apis-enterprise-bluetoothManager.md#bluetoothmanagerremoveallowedbluetoothdevices)
[bluetoothManager.getAllowedBluetoothDevices](js-apis-enterprise-bluetoothManager.md#bluetoothmanagergetallowedbluetoothdevices)|Adds allowed Bluetooth devices.
Removes allowed Bluetooth devices.
Queries allowed Bluetooth devices.| |set_browser_policies|[browser.setPolicySync](js-apis-enterprise-browser.md#browsersetpolicysync)
[browser.getPoliciesSync](js-apis-enterprise-browser.md#browsergetpoliciessync)|Sets a policy for a browser.
Obtains the policy of a specified browser.| |allowed_install_bundles|[bundleManager.addAllowedInstallBundlesSync](js-apis-enterprise-bundleManager.md#bundlemanageraddallowedinstallbundlessync)
[bundleManager.removeAllowedInstallBundlesSync](js-apis-enterprise-bundleManager.md#bundlemanagerremoveallowedinstallbundlessync)
[bundleManager.getAllowedInstallBundlesSync](js-apis-enterprise-bundleManager.md#bundlemanagergetallowedinstallbundlessync)|Adds the applications that can be installed by the current or specified user.
Removes the applications that can be installed.
Obtains the applications that can be installed by the current or specified user.| |disallowed_install_bundles|[bundleManager.addDisallowedInstallBundlesSync](js-apis-enterprise-bundleManager.md#bundlemanageradddisallowedinstallbundlessync)
[bundleManager.removeDisallowedInstallBundlesSync](js-apis-enterprise-bundleManager.md#bundlemanagerremoveallowedinstallbundlessync)
[bundleManager.getDisallowedInstallBundlesSync](js-apis-enterprise-bundleManager.md#bundlemanagergetdisallowedinstallbundlessync)|Adds the applications that cannot be installed by the current or specified user.
Removes the applications that cannot be installed.
Obtains the applications that cannot be installed by the current or specified user.| |disallowed_uninstall_bundles|[bundleManager.addDisallowedUninstallBundlesSync](js-apis-enterprise-bundleManager.md#bundlemanageradddisalloweduninstallbundlessync)
[bundleManager.removeDisallowedUninstallBundlesSync](js-apis-enterprise-bundleManager.md#bundlemanagerremovedisalloweduninstallbundlessync)
[bundleManager.getDisallowedUninstallBundlesSync](js-apis-enterprise-bundleManager.md#bundlemanagergetdisalloweduninstallbundlessync)|Adds the applications that cannot be uninstalled by the current or specified user.
Removes the applications that cannot be uninstalled.
Obtains the applications that cannot be uninstalled by the current or specified user.| |get_device_info|[deviceInfo.getDeviceInfo](js-apis-enterprise-deviceInfo.md#deviceinfogetdeviceinfo)|Obtains device information.| |location_policy|[locationManager.setLocationPolicy](js-apis-enterprise-locationManager.md#locationmanagersetlocationpolicy)
[locationManager.getLocationPolicy](js-apis-enterprise-locationManager.md#locationmanagergetlocationpolicy)|Sets the location service policy.
Queries the location service policy.| |disabled_network_interface|[networkManager.setNetworkInterfaceDisabledSync](js-apis-enterprise-networkManager.md#networkmanagersetnetworkinterfacedisabledsync)
[networkManager.isNetworkInterfaceDisabledSync](js-apis-enterprise-networkManager.md#networkmanagerisnetworkinterfacedisabledsync)|Disables a network interface.
Queries whether a specified network interface is disabled.| |global_proxy|[networkManager.setGlobalProxySync](js-apis-enterprise-networkManager.md#networkmanagersetglobalproxysync)
[networkManager.getGlobalProxySync](js-apis-enterprise-networkManager.md#networkmanagergetglobalproxysync)|Sets the global network proxy.
Obtains the global network proxy.| |disabled_bluetooth|[restrictions.setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy)
[restrictions.getDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionsgetdisallowedpolicy)|The feature parameter is used to enable or disable the Bluetooth capability.
Accepts **bluetooth** as the parameter to query whether the Bluetooth capability is disabled.| |disallow_modify_datetime|[restrictions.setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy)
[restrictions.getDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionsgetdisallowedpolicy)|Accepts **modifyDateTime** as the parameter to disable or enable the system time setting capability.
Accepts **modifyDateTime** as the parameter to query whether the system time modification capability is disabled.| |disabled_printer|[restrictions.setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy)
[restrictions.getDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionsgetdisallowedpolicy)|Accepts **printer** as the parameter to disable or enable the printing capability.
Accepts **printer** as the parameter to query whether the printing capability is disabled.| |disabled_hdc|[restrictions.setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy)
[restrictions.getDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionsgetdisallowedpolicy)|Accepts **hdc** as the parameter to enable or disable HDC.
Accepts **hdc** as the parameter to query whether the HDC capability is disabled.| |disable_microphone|[restrictions.setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy)
[restrictions.getDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionsgetdisallowedpolicy)|Accepts **microphone** as the parameter to enable or disable the microphone capability.
Accepts **microphone** as the parameter to query whether the microphone is disabled.| |fingerprint_auth|[restrictions.setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy)
[restrictions.getDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionsgetdisallowedpolicy)
[restrictions.setDisallowedPolicyForAccount](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicyforaccount14)
[restrictions.getDisallowedPolicyForAccount](js-apis-enterprise-restrictions.md#restrictionsgetdisallowedpolicyforaccount14)|Accepts **fingerprint** as the parameter to disable or enable fingerprint authentication.
Accepts **fingerprint** as the parameter to query whether fingerprint authentication is disabled.
Accepts **fingerprint** as the parameter to disable or enable fingerprint authentication for a specified user.
Accepts **fingerprint** as the parameter to query whether to disable fingerprint authentication for a specified user.| |disable_usb|[restrictions.setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy)
[restrictions.getDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionsgetdisallowedpolicy)|Accepts **usb** as the parameter to enable or disable the USB capability.
Accepts **usb** as the parameter to query whether the USB capability is disabled.| |disable_wifi|[restrictions.setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy)
[restrictions.getDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionsgetdisallowedpolicy)|Accepts **wifi** as the parameter to enable or disable the Wi-Fi capability.
Accepts **wifi** as the parameter to query whether the Wi-Fi capability is disabled.| |disallowed_tethering|[restrictions.setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy)
[restrictions.getDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionsgetdisallowedpolicy)|Accepts **tethering** as the parameter to enable or disable network sharing.
Accepts **tethering** as the parameter to query whether the network sharing capability is disabled.| |inactive_user_freeze|[restrictions.setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy)
[restrictions.getDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionsgetdisallowedpolicy)|Accepts **inactiveUserFreeze** as the parameter to enable or disable the inactive user running capability.
Accepts **inactiveUserFreeze** as the parameter to query whether to disable the inactive user running capability.| |snapshot_skip|[restrictions.addDisallowedListForAccount](js-apis-enterprise-restrictions.md#restrictionsadddisallowedlistforaccount14)
[restrictions.removeDisallowedListForAccount](js-apis-enterprise-restrictions.md#restrictionsremovedisallowedlistforaccount14)
[restrictions.getDisallowedListForAccount](js-apis-enterprise-restrictions.md#restrictionsgetdisallowedlistforaccount14)|Accepts **snapshotSkip** as the parameter to add the applications that disable the screen snapshot function.
Accepts **snapshotSkip** as the parameter to remove the applications that disable the screen snapshot function.
Accepts **snapshotSkip** as the parameter to query the applications that disable the screen snapshot function.| |password_policy|[securityManager.setPasswordPolicy](js-apis-enterprise-securityManager.md#securitymanagersetpasswordpolicy)
[securityManager.getPasswordPolicy](js-apis-enterprise-securityManager.md#securitymanagergetpasswordpolicy)|Sets the device password policy.
Obtains the device password policy.| |clipboard_policy|[securityManager.setAppClipboardPolicy](js-apis-enterprise-securityManager.md#securitymanagersetappclipboardpolicy)
[securityManager.getAppClipboardPolicy](js-apis-enterprise-securityManager.md#securitymanagergetappclipboardpolicy)|Sets the device clipboard policy.
Obtains the device clipboard policy.| |watermark_image_policy|[securityManager.setWatermarkImage](js-apis-enterprise-securityManager.md#securitymanagersetwatermarkimage14)
[securityManager.cancelWatermarkImage](js-apis-enterprise-securityManager.md#securitymanagercancelwatermarkimage14)|Sets the watermark policy. Currently, this feature is available only for 2-in-1 devices.
Cancels the watermark policy. Currently, this feature is available only for 2-in-1 devices.| |ntp_server|[systemManager.setNTPServer](js-apis-enterprise-systemManager.md#systemmanagersetntpserver)
[systemManager.getNTPServer](js-apis-enterprise-systemManager.md#systemmanagergetntpserver)|Sets the NTP server policy.
Obtains the NTP server information.| |set_update_policy|[systemManager.setOtaUpdatePolicy](js-apis-enterprise-systemManager.md#systemmanagersetotaupdatepolicy)
[systemManager.getOtaUpdatePolicy](js-apis-enterprise-systemManager.md#systemmanagergetotaupdatepolicy)|Sets the update policy.
Queries the update policy.| |notify_upgrade_packages|[systemManager.notifyUpdatePackages](js-apis-enterprise-systemManager.md#systemmanagernotifyupdatepackages)
[systemManager.getUpdateResult](js-apis-enterprise-systemManager.md#systemmanagergetupdateresult)|Notifies the system of the update packages.
Obtains the system update result.| |allowed_usb_devices|[usbManager.addAllowedUsbDevices](js-apis-enterprise-usbManager.md#usbmanageraddallowedusbdevices)
[usbManager.removeAllowedUsbDevices](js-apis-enterprise-usbManager.md#usbmanagerremoveallowedusbdevices)
[usbManager.getAllowedUsbDevices](js-apis-enterprise-usbManager.md#usbmanagergetallowedusbdevices)|Adds allowed USB devices.
Removes allowed USB devices.
Obtains allowed USB devices.| |usb_read_only|[usbManager.setUsbStorageDeviceAccessPolicy](js-apis-enterprise-usbManager.md#usbmanagersetusbstoragedeviceaccesspolicy)
[usbManager.getUsbStorageDeviceAccessPolicy](js-apis-enterprise-usbManager.md#usbmanagergetusbstoragedeviceaccesspolicy)|Sets the USB storage device access policy.
Obtains the USB storage device access policy.| |disallowed_usb_devices|[usbManager.addDisallowedUsbDevices](js-apis-enterprise-usbManager.md#usbmanageradddisallowedusbdevices14)
[usbManager.removeDisallowedUsbDevices](js-apis-enterprise-usbManager.md#usbmanagerremovedisallowedusbdevices14)
[usbManager.getDisallowedUsbDevices](js-apis-enterprise-usbManager.md#usbmanagergetdisallowedusbdevices14)|Adds disallowed USB device types.
Removes disallowed USB device types.
Obtains disallowed USB device types.|