1# Requesting Restricted Permissions 2 3<!--Kit: Ability Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @xia-bubai--> 6<!--SE: @linshuqing; @hehehe-li--> 7<!--TSE: @leiyuqian--> 8 9Generally, restricted permissions are unavailable to third-party applications. If an application with a lower APL requires a permission of a higher APL, you can declare the required permissions in the Access Control List (ACL). 10 11For example, if a normal application needs to use the global floating window, it needs the ohos.permission.SYSTEM_FLOAT_WINDOW permission, which is of the system_basic level. If the application needs to capture a screen image, it needs the ohos.permission.CAPTURE_SCREEN permission, which is of the system_core level. To enable the normal application to have system_basic and system_core permissions, you must use the ACL. 12 13The methods provided in this topic apply only for the applications in the debug phase. If you need to develop an application of the commercial version, apply for a release certificate and signing file in the app market. 14 15- Method 1: Use DevEco Studio to [request permissions via ACL](https://developer.huawei.com/consumer/en/doc/harmonyos-guides/ide-signing). 16 17- Method 2: Declare the required permissions in the HarmonyAppProvision configuration file. 18 1. Open the **Sdk/openharmony/_{Version} _/toolchains /lib/UnsgnedReleasedProfileTemplate.json** file in the SDK directory. 19 2. Add the restricted permissions to be requested. 20 21 - Add the restricted permissions that do not carry permission data in **acls** > **allowed-acls**. 22 - Add the restricted permissions that carry permission data in the **app-services-capabilities** field. 23 24 ```json 25 { 26 // ... 27 "acls":{ 28 "allowed-acls":[ 29 "ohos.permission.WRITE_AUDIO", 30 "ohos.permission.CAPTURE_SCREEN" 31 ] 32 }, 33 "app-services-capabilities": { 34 "ohos.permission.ACCESS_DDK_DRIVERS": "..." 35 } 36 } 37 ``` 38 39 3. Sign the application again. 40