1# Permissions for Enterprise Applications 2 3The following permissions are available to <!--Del-->system applications and <!--DelEnd-->enterprise applications. Enterprise applications include normal enterprise apps and Mobile Device Management (MDM) applications. 4 5The distribution type of enterprise applications can be **enterprise_normal** (normal enterprise application) or **enterprise_mdm** (MDM application). You can <!--RP1-->obtain the distribution type from the **app-distribution-type** field in the [HarmonyAppProvision configuration file](../app-provision-structure.md).<!--RP1End--> 6 7For details about how to request the permissions for enterprise applications, see [declaring permissions](declare-permissions.md). 8 9## ohos.permission.SET_FILE_GUARD_POLICY 10 11Allows an application to update the file guard policy. 12 13**Permission level**: system_basic 14 15**Authorization mode**: system_grant 16 17<!--Del--> 18**Enable via ACL**: true<!--DelEnd--> 19 20**Valid since**: 10 21 22**Changelog**: For API versions 10 to 14, this permission is of the system_core level and available only to MDM applications. Starting from API version 14, the permission level is changed to system_basic and this permission is accessible to normal enterprise applications. 23 24## ohos.permission.FILE_GUARD_MANAGER 25 26Allows an application to scan media and sandbox and set file extended properties. 27 28**Permission level**: system_basic 29 30**Authorization mode**: system_grant 31 32<!--Del--> 33**Enable via ACL**: true<!--DelEnd--> 34 35**Valid since**: 10 36 37**Changelog**: For API versions 10 to 14, this permission is of the system_core level and available only to MDM applications. Starting from API version 14, the permission level is changed to system_basic and this permission is accessible to normal enterprise applications. 38 39## ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS 40 41Allows an application to interact across local accounts. 42 43**Permission level**: system_basic 44 45**Authorization mode**: system_grant 46 47<!--Del--> 48**Enable via ACL**: true<!--DelEnd--> 49 50**Valid since**: 7 51 52**Changelog**: This permission is available only to system applications in API versions 7 to 13. From API version 14, it is available to normal enterprise applications. 53 54## ohos.permission.GET_RUNNING_INFO 55 56Allows an application to obtain running status information of another application. 57 58**Permission level**: system_basic 59 60**Authorization mode**: system_grant 61 62<!--Del--> 63**Enable via ACL**: true<!--DelEnd--> 64 65**Valid since**: 7 66 67**Changelog**: This permission is available only to system applications in API versions 7 to 13. From API version 14, it is available to normal enterprise applications. 68 69## ohos.permission.RUNNING_STATE_OBSERVER 70 71Allows an application to listen for the state of another application. 72 73**Permission level**: system_basic 74 75**Authorization mode**: system_grant 76 77<!--Del--> 78**Enable via ACL**: true<!--DelEnd--> 79 80**Valid since**: 7 81 82**Changelog**: This permission is available only to system applications in API versions 7 to 13. From API version 14, it is available to normal enterprise applications. 83 84## ohos.permission.GET_BUNDLE_INFO_PRIVILEGED 85 86Allows an application to obtain basic information and sensitive information about another application. 87 88**Permission level**: system_basic 89 90**Authorization mode**: system_grant 91 92<!--Del--> 93**Enable via ACL**: true<!--DelEnd--> 94 95**Valid since**: 7 96 97**Changelog**: This permission is available only to system applications in API versions 7 to 13. From API version 14, it is available to normal enterprise applications. 98 99## ohos.permission.GET_WIFI_CONFIG 100 101Allows an application to obtain the Wi-Fi configuration. 102 103**Permission level**: system_basic 104 105**Authorization mode**: system_grant 106 107<!--Del--> 108**Enable via ACL**: true<!--DelEnd--> 109 110**Valid since**: 8 111 112**Changelog**: This permission is available only to system applications in API versions 8 to 14. From API version 15, it is available to normal enterprise applications. 113 114## ohos.permission.SET_WIFI_CONFIG 115 116Allows an application to configure Wi-Fi information. 117 118**Permission level**: system_basic 119 120**Authorization mode**: system_grant 121 122<!--Del--> 123**Enable via ACL**: true<!--DelEnd--> 124 125**Valid since**: 8 126 127**Changelog**: This permission is available only to system applications in API versions 8 to 14. From API version 15, it is available to normal enterprise applications. 128 129## ohos.permission.GET_DOMAIN_ACCOUNTS 130 131Allows an application to obtain domain account information. 132 133**Permission level**: system_basic 134 135**Authorization mode**: system_grant 136 137<!--Del--> 138**Enable via ACL**: true<!--DelEnd--> 139 140**Valid since**: 10 141 142**Changelog**: This permission is available only to system applications in API versions 10 to 13. From API version 14, it is available to normal enterprise applications. 143 144## ohos.permission.QUERY_AUDIT_EVENT 145 146Allows an application to query security audit events. 147 148**Permission level**: system_basic 149 150**Authorization mode**: system_grant 151 152<!--Del--> 153**Enable via ACL**: true<!--DelEnd--> 154 155**Valid since**: 12 156 157**Changelog**: This permission is available only to MDM applications in API versions 12 to 13. From API version 14, it is available to normal enterprise applications. 158 159## ohos.permission.KILL_APP_PROCESSES 160 161Allows a system application to kill other applications. 162 163**Permission level**: system_basic 164 165**Authorization mode**: system_grant 166 167<!--Del--> 168**Enable via ACL**: true<!--DelEnd--> 169 170**Valid since**: 12 171 172**Changelog**: This permission is available only to system applications in API versions 7 to 13. From API version 14, it is available to normal enterprise applications. 173 174### ohos.permission.SET_TELEPHONY_ESIM_STATE_OPEN 175 176Allows a system application or carrier application to set the eSIM nickname and activate the eSIM. 177 178**Permission level**: system_basic 179 180**Authorization mode**: system_grant 181 182<!--Del--> 183**Enable via ACL**: true<!--DelEnd--> 184 185**Valid since**: 14 186 187**Changelog**: Since API version 14, the permission level is changed to system_basic, and this permission is available only to normal enterprise applications instead of all applications. 188 189## ohos.permission.MANAGE_ENTERPRISE_WIFI_CONNECTION 190 191Allows an application to manage Wi-Fi connections. 192 193**Permission level**: system_basic 194 195**Authorization mode**: system_grant 196 197**Enable via ACL**: true 198 199**Valid since**: 15 200 201## ohos.permission.ACCESS_ENTERPRISE_USER_TRUSTED_CERT 202 203Allows an application to access the user CA certificates of enterprise devices. 204 205With this permission, the enterprise application can install private CA certificates on enterprise devices and manage the installed certificates. 206 207**Permission level**: system_basic 208 209**Authorization mode**: system_grant 210 211<!--Del--> 212**Enable via ACL**: true<!--DelEnd--> 213 214**Valid since**: 18 215 216## ohos.permission.MANAGE_NET_FIREWALL 217 218Allows a system application to configure firewall rules. 219 220Currently, this permission is available only to 2-in-1 device applications. 221 222**Permission level**: system_basic 223 224**Authorization mode**: system_grant 225 226<!--Del--> 227**Enable via ACL**: true<!--DelEnd--> 228 229**Valid since**: 12 230 231**Changelog**: This permission is available only to system applications in API versions 12 to 14. From API version 15, it is available to normal enterprise applications. 232 233## ohos.permission.GET_NET_FIREWALL 234 235Allows a system application to obtain firewall rules and firewall interception records. 236 237Currently, this permission is available only to 2-in-1 device applications. 238 239**Permission level**: system_basic 240 241**Authorization mode**: system_grant 242 243<!--Del--> 244**Enable via ACL**: true<!--DelEnd--> 245 246**Valid since**: 12 247 248**Changelog**: This permission is available only to system applications in API versions 12 to 14. From API version 15, it is available to normal enterprise applications. 249 250## ohos.permission.GET_DOMAIN_ACCOUNT_SERVER_CONFIGS 251 252Allows an application to obtain domain account server configurations. 253 254**Permission level**: system_basic 255 256**Authorization mode**: system_grant 257 258<!--Del--> 259**Enable via ACL**: true<!--DelEnd--> 260 261**Valid since**: 18 262 263## ohos.permission.MANAGE_DOMAIN_ACCOUNT_SERVER_CONFIGS 264 265Allows an application to manage domain account server configurations. 266 267**Permission level**: system_basic 268 269**Authorization mode**: system_grant 270 271<!--Del--> 272**Enable via ACL**: true<!--DelEnd--> 273 274**Valid since**: 18 275 276## ohos.permission.MANAGE_DOMAIN_ACCOUNTS 277 278Allows an application to manage domain accounts. 279 280**Permission level**: system_basic 281 282**Authorization mode**: system_grant 283 284<!--Del--> 285**Enable via ACL**: true<!--DelEnd--> 286 287**Valid since**: 18 288 289## ohos.permission.GET_SIGNATURE_INFO 290 291Allows an application to obtain the application package signature information. 292 293**Permission level**: system_basic 294 295**Authorization mode**: system_grant 296 297<!--Del--> 298**Enable via ACL**: true<!--DelEnd--> 299 300**Valid since**: 18 301 302## ohos.permission.VISIBLE_WINDOW_INFO 303 304Allows an application to obtain visible window information of the current screen. 305 306**Permission level**: system_basic 307 308**Authorization mode**: system_grant 309 310<!--Del--> 311**Enable via ACL**: true<!--DelEnd--> 312 313**Valid since**: 18 314