• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Account Management Overview
2
3<!--Kit: Basic Services Kit-->
4<!--Subsystem: Account-->
5<!--Owner: @steven-q-->
6<!--Designer: @JiDong-CS1-->
7<!--Tester: @zhaimengchao-->
8<!--Adviser: @zengyawen-->
9
10## Introduction
11
12The system allows multiple system (OS) accounts to be created on a device. This allows multiple users to use the same device. The data of multiple users is isolated by system account to ensure data security.
13
14## Basic Concepts
15
16Users are identified by accounts. A user can have multiple accounts. The **account** module manages the following types of accounts:
17
18- System account: unique identifier of a user on a device.
19
20- Domain account: unique identifier of a user in a specific domain, such as a company or school.
21
22- Distributed account: identifier of a user on a distributed network. It is provisioned, authenticated, and maintained by an organization or authority and can be used for authentication, networking, and service invocation between devices.
23
24- App account: unique identifier of an app user. Its lifecycle is managed by the application.
25
26## Relationships Between Accounts
27
28![account_er](figures/account_er.png)
29
30The **account** module uses the system account as the core for account management, in which other types of accounts are related to the system account in one way or another.
31
32- The domain account and the system account are in one-to-one (1:1) relationship, and have the same lifecycle.
33- The distributed account and the system account are in one-to-many (1:N) relationship. A user can bind a distributed account to a system account. Different system accounts can have the same distributed account. The lifecycle of a distributed account is independent of that of a system account.
34- The app account and the system account are in many-to-many (N:M) relationship. A user can have multiple app accounts under different system accounts. Different system accounts can have the same app account. The lifecycle of an app account is independent of that of a system account.
35- There is no direct relationship between the domain account, distributed account, and app account.
36
37When a system account is deleted, the associated domain account, distributed account, and app accounts are also deleted.