• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Permissions for MDM Applications
2
3<!--Kit: ArkUI-->
4<!--Subsystem: Security-->
5<!--Owner: @harylee-->
6<!--SE: @linshuqing; @hehehe-li-->
7<!--TSE: @leiyuqian-->
8
9The following permissions are available only to Mobile Device Management (MDM) applications. For details about MDM applications, see [Introduction to MDM Kit](../../mdm/mdm-kit-intro.md).
10
11> **NOTE**
12>
13> The following permissions do not support automatic code signing. You must [manually sign the code](https://developer.huawei.com/consumer/en/doc/harmonyos-guides/ide-signing#section297715173233) during the debugging and release phases.
14
15## ohos.permission.ENTERPRISE_GET_DEVICE_INFO
16
17Allows an application to activate a device administrator application.
18
19**Permission level**: system_basic
20
21**Authorization mode**: system_grant
22
23<!--Del-->
24**Enable via ACL**: true<!--DelEnd-->
25
26**Valid since**: 10
27
28## ohos.permission.ENTERPRISE_GET_NETWORK_INFO
29
30Allows a device administrator application to query network information.
31
32**Permission level**: system_basic
33
34**Authorization mode**: system_grant
35
36<!--Del-->
37**Enable via ACL**: true<!--DelEnd-->
38
39**Valid since**: 10
40
41## ohos.permission.ENTERPRISE_INSTALL_BUNDLE
42
43Allows a device administrator application to install and uninstall applications.
44
45**Permission level**: system_core
46
47**Authorization mode**: system_grant
48
49<!--Del-->
50**Enable via ACL**: true<!--DelEnd-->
51
52**Valid since**: 10
53
54## ohos.permission.ENTERPRISE_MANAGE_SET_APP_RUNNING_POLICY
55
56Allows a device administrator application to set application running policies.
57
58**Permission level**: system_basic
59
60**Authorization mode**: system_grant
61
62<!--Del-->
63**Enable via ACL**: true<!--DelEnd-->
64
65**Valid since**: 10
66
67## ohos.permission.ENTERPRISE_RESET_DEVICE
68
69Allows a device administrator application to restore devices' factory settings.
70
71**Permission level**: system_basic
72
73**Authorization mode**: system_grant
74
75<!--Del-->
76**Enable via ACL**: true<!--DelEnd-->
77
78**Valid since**: 10
79
80## ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY
81
82Allows a device administrator application to set account management policies.
83
84**Permission level**: system_basic
85
86**Authorization mode**: system_grant
87
88<!--Del-->
89**Enable via ACL**: true<!--DelEnd-->
90
91**Valid since**: 10
92
93## ohos.permission.ENTERPRISE_SET_BUNDLE_INSTALL_POLICY
94
95Allows a device administrator application to set bundle installation policies.
96
97**Permission level**: system_basic
98
99**Authorization mode**: system_grant
100
101<!--Del-->
102**Enable via ACL**: true<!--DelEnd-->
103
104**Valid since**: 10
105
106## ohos.permission.ENTERPRISE_SET_DATETIME
107
108Allows a device administrator application to set the system time.
109
110**Permission level**: system_basic
111
112**Authorization mode**: system_grant
113
114<!--Del-->
115**Enable via ACL**: true<!--DelEnd-->
116
117**Valid since**: 9
118
119## ohos.permission.ENTERPRISE_SET_NETWORK
120
121Allows a device administrator application to set network information.
122
123**Permission level**: system_basic
124
125**Authorization mode**: system_grant
126
127<!--Del-->
128**Enable via ACL**: true<!--DelEnd-->
129
130**Valid since**: 10
131
132## ohos.permission.ENTERPRISE_SET_WIFI
133
134Allows a device administrator application to set and query Wi-Fi information.
135
136**Permission level**: system_basic
137
138**Authorization mode**: system_grant
139
140<!--Del-->
141**Enable via ACL**: true<!--DelEnd-->
142
143**Valid since**: 10
144
145## ohos.permission.ENTERPRISE_SUBSCRIBE_MANAGED_EVENT
146
147Allows a device administrator application to subscribe to management events.
148
149**Permission level**: system_basic
150
151**Authorization mode**: system_grant
152
153<!--Del-->
154**Enable via ACL**: true<!--DelEnd-->
155
156**Valid since**: 9
157
158## ohos.permission.ENTERPRISE_RESTRICT_POLICY
159
160Allows a device administrator application to deliver and obtain restriction policies.
161
162**Permission level**: system_basic
163
164**Authorization mode**: system_grant
165
166<!--Del-->
167**Enable via ACL**: true<!--DelEnd-->
168
169**Valid since**: 10
170
171## ohos.permission.ENTERPRISE_SET_SCREENOFF_TIME
172
173Allows the device administrator application to set the screen off time.
174
175**Permission level**: system_basic
176
177**Authorization mode**: system_grant
178
179<!--Del-->
180**Enable via ACL**: true<!--DelEnd-->
181
182**Valid since**: 10
183
184## ohos.permission.ENTERPRISE_MANAGE_USB
185
186Allows a device administrator application to manage the USB.
187
188**Permission level**: system_basic
189
190**Authorization mode**: system_grant
191
192<!--Del-->
193**Enable via ACL**: true<!--DelEnd-->
194
195**Valid since**: 10
196
197## ohos.permission.ENTERPRISE_MANAGE_NETWORK
198
199Allows a device administrator application to manage the network.
200
201**Permission level**: system_basic
202
203**Authorization mode**: system_grant
204
205<!--Del-->
206**Enable via ACL**: true<!--DelEnd-->
207
208**Valid since**: 10
209
210## ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE
211
212Allows a device administrator application to manage certificates.
213
214**Permission level**: system_basic
215
216**Authorization mode**: system_grant
217
218<!--Del-->
219**Enable via ACL**: true<!--DelEnd-->
220
221**Valid since**: 10
222
223## ohos.permission.ENTERPRISE_GET_SETTINGS
224
225Allows a device administrator application to obtain the **Settings** application data.
226
227**Permission level**: system_basic
228
229**Authorization mode**: system_grant
230
231<!--Del-->
232**Enable via ACL**: true<!--DelEnd-->
233
234**Valid since**: 10
235
236## ohos.permission.INSTALL_ENTERPRISE_MDM_BUNDLE
237
238Allows installation of enterprise MDM applications on enterprise devices.
239
240**Permission level**: system_core
241
242**Authorization mode**: system_grant
243
244<!--Del-->
245**Enable via ACL**: true<!--DelEnd-->
246
247**Valid since**: 10
248
249## ohos.permission.INSTALL_SELF_BUNDLE
250
251Allows automatic updates of enterprise MDM applications on enterprise devices.
252
253**Permission level**: system_core
254
255**Authorization mode**: system_grant
256
257<!--Del-->
258**Enable via ACL**: true<!--DelEnd-->
259
260**Valid since**: 10
261
262## ohos.permission.ENTERPRISE_SET_BROWSER_POLICY
263
264Allows the device to set or cancel browser policies.
265
266**Permission level**: system_basic
267
268**Authorization mode**: system_grant
269
270<!--Del-->
271**Enable via ACL**: true<!--DelEnd-->
272
273**Valid since**: 10
274
275## ohos.permission.SET_ENTERPRISE_INFO
276
277Allows a device administrator application to set enterprise information.
278
279**Permission level**: system_basic
280
281**Authorization mode**: system_grant
282
283<!--Del-->
284**Enable via ACL**: true<!--DelEnd-->
285
286**Valid since**: 9
287
288## ohos.permission.ENTERPRISE_MANAGE_SECURITY
289
290Allows a device administrator application to set security management policies for devices.
291
292**Permission level**: system_basic
293
294**Authorization mode**: system_grant
295
296<!--Del-->
297**Enable via ACL**: true<!--DelEnd-->
298
299**Valid since**: 11
300
301## ohos.permission.ENTERPRISE_MANAGE_BLUETOOTH
302
303Allows a device administrator application to set and obtain Bluetooth information.
304
305**Permission level**: system_basic
306
307**Authorization mode**: system_grant
308
309<!--Del-->
310**Enable via ACL**: true<!--DelEnd-->
311
312**Valid since**: 11
313
314## ohos.permission.ENTERPRISE_MANAGE_SYSTEM
315
316Allows a device administrator application to manage system parameters.
317
318**Permission level**: system_basic
319
320**Authorization mode**: system_grant
321
322<!--Del-->
323**Enable via ACL**: true<!--DelEnd-->
324
325**Valid since**: 11
326
327## ohos.permission.ENTERPRISE_MANAGE_WIFI
328
329Allows a device administrator application to set and obtain Wi-Fi information.
330
331**Permission level**: system_basic
332
333**Authorization mode**: system_grant
334
335<!--Del-->
336**Enable via ACL**: true<!--DelEnd-->
337
338**Valid since**: 11
339
340## ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
341
342Allows a device administrator application to manage restriction policies.
343
344**Permission level**: system_basic
345
346**Authorization mode**: system_grant
347
348<!--Del-->
349**Enable via ACL**: true<!--DelEnd-->
350
351**Valid since**: 11
352
353## ohos.permission.ENTERPRISE_MANAGE_APPLICATION
354
355Allows a device administrator application to manage application policies.
356
357**Permission level**: system_basic
358
359**Authorization mode**: system_grant
360
361<!--Del-->
362**Enable via ACL**: true<!--DelEnd-->
363
364**Valid since**: 11
365
366## ohos.permission.ENTERPRISE_MANAGE_LOCATION
367
368Allows a device administrator application to set and obtain location information.
369
370**Permission level**: system_basic
371
372**Authorization mode**: system_grant
373
374<!--Del-->
375**Enable via ACL**: true<!--DelEnd-->
376
377**Valid since**: 11
378
379## ohos.permission.ENTERPRISE_REBOOT
380
381Allows a device administrator application to shut down and restart devices.
382
383**Permission level**: system_basic
384
385**Authorization mode**: system_grant
386
387<!--Del-->
388**Enable via ACL**: true<!--DelEnd-->
389
390**Valid since**: 11
391
392## ohos.permission.ENTERPRISE_LOCK_DEVICE
393
394Allows a device administrator application to lock devices.
395
396**Permission level**: system_basic
397
398**Authorization mode**: system_grant
399
400<!--Del-->
401**Enable via ACL**: true<!--DelEnd-->
402
403**Valid since**: 11
404
405## ohos.permission.ENTERPRISE_MANAGE_SETTINGS
406
407Allows a device administrator application to manage settings.
408
409**Permission level**: system_basic
410
411**Authorization mode**: system_grant
412
413<!--Del-->
414**Enable via ACL**: true<!--DelEnd-->
415
416**Valid since**: 11
417
418## ohos.permission.ENTERPRISE_OPERATE_DEVICE
419
420Allows a device administrator application to operate devices.
421
422**Permission level**: system_basic
423
424**Authorization mode**: system_grant
425
426<!--Del-->
427**Enable via ACL**: true<!--DelEnd-->
428
429**Valid since**: 12
430
431## ohos.permission.ENTERPRISE_ADMIN_MANAGE
432
433Allows an application to manage a device administrator application.
434
435**Permission level**: system_basic
436
437**Authorization mode**: system_grant
438
439<!--Del-->
440**Enable via ACL**: true<!--DelEnd-->
441
442**Valid since**: 12
443
444## ohos.permission.ENTERPRISE_RECOVERY_KEY
445
446Allows an application to manage the enterprise recovery keys.
447
448**Permission level**: system_core
449
450**Authorization mode**: system_grant
451
452<!--Del-->
453**Enable via ACL**: true<!--DelEnd-->
454
455**Valid since**: 13
456
457## ohos.permission.ENTERPRISE_MANAGE_DELEGATED_POLICY
458
459Allows a device administrator application to delegate other applications to set device management policies.
460
461**Permission level**: system_basic
462
463**Authorization mode**: system_grant
464
465<!--Del-->
466**Enable via ACL**: true<!--DelEnd-->
467
468**Valid since**: 14
469
470## ohos.permission.ENTERPRISE_GET_ALL_BUNDLE_INFO
471
472Allows a device administrator application to obtain information about all applications of the device.
473
474**Permission level**: system_basic
475
476**Authorization mode**: system_grant
477
478<!--Del-->
479**Enable via ACL**: true<!--DelEnd-->
480
481**Supported devices**: phones | PCs/2-in-1 devices | tablets
482
483**Valid since**: 20
484
485## ohos.permission.ENTERPRISE_SET_USER_RESTRICTION
486
487Allows a device administrator application to restrict users from modifying system settings.
488
489**Permission level**: system_basic
490
491**Authorization mode**: system_grant
492
493<!--Del-->
494**Enable via ACL**: true<!--DelEnd-->
495
496**Supported devices**: phones | PCs/2-in-1 devices | tablets
497
498**Valid since**: 20
499
500## ohos.permission.ENTERPRISE_MANAGE_APN
501
502Allows a device administrator application to manage device APN policies.
503
504**Permission level**: system_basic
505
506**Authorization mode**: system_grant
507
508<!--Del-->
509**Enable via ACL**: true<!--DelEnd-->
510
511**Supported devices**: phones | PCs/2-in-1 devices | tablets
512
513**Valid since**: 20
514
515## ohos.permission.ENTERPRISE_MANAGE_TELEPHONY
516
517Allows a device administrator application to manage device telephony policies.
518
519**Permission level**: system_basic
520
521**Authorization mode**: system_grant
522
523<!--Del-->
524**Enable via ACL**: true<!--DelEnd-->
525
526**Supported devices**: phones | PCs/2-in-1 devices | tablets
527
528**Valid since**: 20
529
530## ohos.permission.ENTERPRISE_SET_KIOSK
531
532Allows a device administrator application to set the Kiosk mode.
533
534**Permission level**: system_basic
535
536**Authorization mode**: system_grant
537
538<!--Del-->
539**Enable via ACL**: true<!--DelEnd-->
540
541**Supported devices**: phones | PCs/2-in-1 devices | tablets
542
543**Valid since**: 20
544
545## ohos.permission.ENTERPRISE_MANAGE_LOCAL_PUBLICSPACES
546
547Allows an enterprise application to enable, create, and delete workspaces.
548
549With this permission, the application can set the password-free login duration for workspace switching, user photos, and the list of non-deletable workspaces.
550
551**Permission level**: system_basic
552
553**Authorization mode**: system_grant
554
555<!--Del-->
556**Enable via ACL**: true<!--DelEnd-->
557
558**Supported devices**: PCs/2-in-1 devices
559
560**Valid since**: 20
561
562## ohos.permission.ENTERPRISE_FILE_TRANSFER_AUDIT_POLICY_MANAGEMENT
563
564Allows an MDM application to manage file transfer policies and audit information.
565
566**Permission level**: system_basic
567
568**Authorization mode**: system_grant
569
570<!--Del-->
571**Enable via ACL**: true<!--DelEnd-->
572
573**Supported devices**: PCs/2-in-1 devices
574
575**Valid since**: 20
576
577## ohos.permission.ENTERPRISE_SET_WALLPAPER
578
579Allows a device administrator application to set wallpapers.
580
581**Permission level**: system_basic
582
583**Authorization mode**: system_grant
584
585<!--Del-->
586**Enable via ACL**: true<!--DelEnd-->
587
588**Supported devices**: phones | PCs/2-in-1 devices | tablets
589
590**Valid since**: 20
591
592## ohos.permission.MANAGE_PREINSTALLED_ANTIVIRUS
593
594Allows an MDM application to manage pre-installed antivirus software.
595
596**Permission level**: system_basic
597
598**Authorization mode**: system_grant
599
600<!--Del-->
601**Enable via ACL**: true<!--DelEnd-->
602
603**Supported devices**: phones | PCs/2-in-1 devices | tablets
604
605**Valid since**: 20
606
607## ohos.permission.ENTERPRISE_MANAGE_USER_GRANT_PERMISSION
608
609Allows a mobile device management (MDM) application to configure user_grant permission policies.
610
611With this permission, the MDM application can configure user_grant permission policies for managed applications. Specifically, permissions can be silently granted, denied, or retained (without interfering with application requests).
612
613**Permission level**: system_basic
614
615**Authorization mode**: system_grant
616
617<!--Del-->
618**Enable via ACL**: true<!--DelEnd-->
619
620**Supported devices**: phones | PCs/2-in-1 devices | tablets
621
622**Valid since**: 20
623