# Permissions for MDM Applications The following permissions are available only to Mobile Device Management (MDM) applications. For details about MDM applications, see [Introduction to MDM Kit](../../mdm/mdm-kit-intro.md). > **NOTE** > > The following permissions do not support automatic code signing. You must [manually sign the code](https://developer.huawei.com/consumer/en/doc/harmonyos-guides/ide-signing#section297715173233) during the debugging and release phases. ## ohos.permission.ENTERPRISE_GET_DEVICE_INFO Allows an application to activate a device administrator application. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_GET_NETWORK_INFO Allows a device administrator application to query network information. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_INSTALL_BUNDLE Allows a device administrator application to install and uninstall applications. **Permission level**: system_core **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_MANAGE_SET_APP_RUNNING_POLICY Allows a device administrator application to set application running policies. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_RESET_DEVICE Allows a device administrator application to restore devices' factory settings. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY Allows a device administrator application to set account management policies. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_SET_BUNDLE_INSTALL_POLICY Allows a device administrator application to set bundle installation policies. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_SET_DATETIME Allows a device administrator application to set the system time. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 9 ## ohos.permission.ENTERPRISE_SET_NETWORK Allows a device administrator application to set network information. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_SET_WIFI Allows a device administrator application to set and query Wi-Fi information. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_SUBSCRIBE_MANAGED_EVENT Allows a device administrator application to subscribe to management events. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 9 ## ohos.permission.ENTERPRISE_RESTRICT_POLICY Allows a device administrator application to deliver and obtain restriction policies. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_SET_SCREENOFF_TIME Allows the device administrator application to set the screen off time. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_MANAGE_USB Allows a device administrator application to manage the USB. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_MANAGE_NETWORK Allows a device administrator application to manage the network. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE Allows a device administrator application to manage certificates. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_GET_SETTINGS Allows a device administrator application to obtain the **Settings** application data. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.INSTALL_ENTERPRISE_MDM_BUNDLE Allows installation of enterprise MDM applications on enterprise devices. **Permission level**: system_core **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.INSTALL_SELF_BUNDLE Allows automatic updates of enterprise MDM applications on enterprise devices. **Permission level**: system_core **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.ENTERPRISE_SET_BROWSER_POLICY Allows the device to set or cancel browser policies. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 10 ## ohos.permission.SET_ENTERPRISE_INFO Allows a device administrator application to set enterprise information. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 9 ## ohos.permission.ENTERPRISE_MANAGE_SECURITY Allows a device administrator application to set security management policies for devices. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 11 ## ohos.permission.ENTERPRISE_MANAGE_BLUETOOTH Allows a device administrator application to set and obtain Bluetooth information. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 11 ## ohos.permission.ENTERPRISE_MANAGE_SYSTEM Allows a device administrator application to manage system parameters. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 11 ## ohos.permission.ENTERPRISE_MANAGE_WIFI Allows a device administrator application to set and obtain Wi-Fi information. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 11 ## ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS Allows a device administrator application to manage restriction policies. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 11 ## ohos.permission.ENTERPRISE_MANAGE_APPLICATION Allows a device administrator application to manage application policies. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 11 ## ohos.permission.ENTERPRISE_MANAGE_LOCATION Allows a device administrator application to set and obtain location information. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 11 ## ohos.permission.ENTERPRISE_REBOOT Allows a device administrator application to shut down and restart devices. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 11 ## ohos.permission.ENTERPRISE_LOCK_DEVICE Allows a device administrator application to lock devices. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 11 ## ohos.permission.ENTERPRISE_MANAGE_SETTINGS Allows a device administrator application to manage settings. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 11 ## ohos.permission.ENTERPRISE_OPERATE_DEVICE Allows a device administrator application to operate devices. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 12 ## ohos.permission.ENTERPRISE_ADMIN_MANAGE Allows an application to manage a device administrator application. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 12 ## ohos.permission.ENTERPRISE_RECOVERY_KEY Allows an application to manage the enterprise recovery keys. **Permission level**: system_core **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 13 ## ohos.permission.ENTERPRISE_MANAGE_DELEGATED_POLICY Allows a device administrator application to delegate other applications to set device management policies. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Valid since**: 14 ## ohos.permission.ENTERPRISE_GET_ALL_BUNDLE_INFO Allows a device administrator application to obtain information about all applications of the device. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Supported devices**: phones | PCs/2-in-1 devices | tablets **Valid since**: 20 ## ohos.permission.ENTERPRISE_SET_USER_RESTRICTION Allows a device administrator application to restrict users from modifying system settings. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Supported devices**: phones | PCs/2-in-1 devices | tablets **Valid since**: 20 ## ohos.permission.ENTERPRISE_MANAGE_APN Allows a device administrator application to manage device APN policies. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Supported devices**: phones | PCs/2-in-1 devices | tablets **Valid since**: 20 ## ohos.permission.ENTERPRISE_MANAGE_TELEPHONY Allows a device administrator application to manage device telephony policies. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Supported devices**: phones | PCs/2-in-1 devices | tablets **Valid since**: 20 ## ohos.permission.ENTERPRISE_SET_KIOSK Allows a device administrator application to set the Kiosk mode. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Supported devices**: phones | PCs/2-in-1 devices | tablets **Valid since**: 20 ## ohos.permission.ENTERPRISE_MANAGE_LOCAL_PUBLICSPACES Allows an enterprise application to enable, create, and delete workspaces. With this permission, the application can set the password-free login duration for workspace switching, user photos, and the list of non-deletable workspaces. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Supported devices**: PCs/2-in-1 devices **Valid since**: 20 ## ohos.permission.ENTERPRISE_FILE_TRANSFER_AUDIT_POLICY_MANAGEMENT Allows an MDM application to manage file transfer policies and audit information. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Supported devices**: PCs/2-in-1 devices **Valid since**: 20 ## ohos.permission.ENTERPRISE_SET_WALLPAPER Allows a device administrator application to set wallpapers. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Supported devices**: phones | PCs/2-in-1 devices | tablets **Valid since**: 20 ## ohos.permission.MANAGE_PREINSTALLED_ANTIVIRUS Allows an MDM application to manage pre-installed antivirus software. **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Supported devices**: phones | PCs/2-in-1 devices | tablets **Valid since**: 20 ## ohos.permission.ENTERPRISE_MANAGE_USER_GRANT_PERMISSION Allows a mobile device management (MDM) application to configure user_grant permission policies. With this permission, the MDM application can configure user_grant permission policies for managed applications. Specifically, permissions can be silently granted, denied, or retained (without interfering with application requests). **Permission level**: system_basic **Authorization mode**: system_grant **Enable via ACL**: true **Supported devices**: phones | PCs/2-in-1 devices | tablets **Valid since**: 20