# DataAbility Permission Control
<!--Kit: Ability Kit-->
<!--Subsystem: Ability-->
<!--Owner: @xialiangwei-->
<!--Designer: @jsjzju-->
<!--Tester: @lixueqing513-->
<!--Adviser: @huipeizi-->


The DataAbility uses permission control to determine whether an ability can access the data service it provides. There are static and dynamic permission controls.


## Static Permission Control

The DataAbility functions as the server. When being started, the DataAbility verifies the client permissions against the settings of the optional fields **readPermission**, **writePermission**, and **Permission** in the **config.json** file. The following is an example:


```json
"abilities": [
  ...
  {
    "name": ".DataAbility",
    "srcLanguage": "ets",
    "srcPath": "DataAbility",
    "icon": "$media:icon",
    "description": "$string:DataAbility_desc",
    "type": "data",
    "visible": true,
    "uri": "dataability://com.samples.famodelabilitydevelop.DataAbility",
    "readPermission": "ohos.permission.READ_CONTACTS",
    "writePermission": "ohos.permission.WRITE_CONTACTS"
  },
  ...
]
```

The client permission is configured in **reqPermissions** under **module** in the **config.json** file. The following is an example:


```json
{
  ...
  "module": {
    ...
    "reqPermissions": [
      {
        "name": "ohos.permission.READ_CONTACTS"
      },
      {
        "name": "ohos.permission.WRITE_CONTACTS"
      },
      ...
    ],
    ...
  }
}
```


## Dynamic Permission Control

Static permission control determines whether a DataAbility can be started by another ability or application. It does not verify the permission of each read/write interface.

Dynamic permission control verifies whether the client has the corresponding permission for every read/write interface. The table below lists the permissions required for calling these interfaces.


**Table 1** Permission configuration for data read/write interfaces

| Interface with the Read Permission| Interface with the Write Permission| Interface with the Read/Write Permission Based on Actual Requirements|
| -------- | -------- | -------- |
| query, normalizeUri, denormalizeUri, openfile (with **mode** set to **'r'**)| insert, batchInsert, delete, update, openfile (with **mode** set to **'w'**)| executeBatch |

For interfaces that require the read permission, the server must have **readPermission** specified, and the client must obtain the read permission before calling them.

For interfaces that require the write permission, the server must have **writePermission** specified, and the client must obtain the write permission before calling them.
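
The following audit helper is an added example, not part of the OpenHarmony documentation or code base. It encodes Table 1 and reports, for a given interface call, whether the server entry lacks the matching **readPermission** or **writePermission**, or whether the client's **reqPermissions** does not declare it. The function names, the `batchOps` parameter used to describe what an **executeBatch** call performs, and the sample configurations are assumptions made for illustration.

```javascript
// Added example (not OpenHarmony code): static audit of config.json entries
// against Table 1. Function names and sample data are constructed.
const READ_OPS = ["query", "normalizeUri", "denormalizeUri"];
const WRITE_OPS = ["insert", "batchInsert", "delete", "update"];

// Table 1 lookup: returns the access kinds ("read"/"write") an interface needs.
// For executeBatch the caller lists the interfaces the batch performs (assumption).
function requiredAccess(op, { mode, batchOps = [] } = {}) {
  if (READ_OPS.includes(op)) return new Set(["read"]);
  if (WRITE_OPS.includes(op)) return new Set(["write"]);
  if (op === "openfile" && mode === "r") return new Set(["read"]);
  if (op === "openfile" && mode === "w") return new Set(["write"]);
  if (op === "executeBatch") {
    return new Set(batchOps.flatMap((o) => [...requiredAccess(o)]));
  }
  throw new Error(`not covered by Table 1: ${op} ${mode ?? ""}`.trim());
}

// Compare one server ability entry with a client's module.reqPermissions.
// Checks declarations only; whether the permission has actually been
// obtained at run time is a separate question.
function auditCall(ability, clientModule, op, opts) {
  const declared = new Set((clientModule.reqPermissions ?? []).map((p) => p.name));
  const findings = [];
  for (const kind of requiredAccess(op, opts)) {
    const field = `${kind}Permission`; // readPermission or writePermission
    const perm = ability[field];
    if (!perm) {
      findings.push(`server: ${ability.name} has no ${field} for ${op}`);
    } else if (!declared.has(perm)) {
      findings.push(`client: reqPermissions lacks ${perm} for ${op}`);
    }
  }
  return findings;
}

// Constructed sample data modelled on the config.json fragments above.
const server = {
  name: ".DataAbility", type: "data", visible: true,
  readPermission: "ohos.permission.READ_CONTACTS",
  writePermission: "ohos.permission.WRITE_CONTACTS",
};
const readOnlyClient = { reqPermissions: [{ name: "ohos.permission.READ_CONTACTS" }] };

console.log(auditCall(server, readOnlyClient, "query"));
console.log(auditCall(server, readOnlyClient, "openfile", { mode: "w" }));
console.log(auditCall(server, readOnlyClient, "executeBatch", { batchOps: ["query", "update"] }));
```
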