1/* 2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16/** 17 * @file 18 * @kit MDMKit 19 */ 20 21import type { AsyncCallback } from './@ohos.base'; 22import type Want from './@ohos.app.ability.Want'; 23import type osAccount from './@ohos.account.osAccount'; 24 25/** 26 * This module provides the capability to manage the accounts of the enterprise devices. 27 * 28 * @namespace accountManager 29 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 30 * @since 10 31 */ 32declare namespace accountManager { 33 /** 34 * The policy of domain account 35 * 36 * @interface DomainAccountPolicy 37 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 38 * @stagemodelonly 39 * @since 19 40 */ 41 interface DomainAccountPolicy { 42 /** 43 * The validity period of authentication. 44 * 45 * @type { ?number } 46 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 47 * @stagemodelonly 48 * @since 19 49 */ 50 authenticationValidityPeriod?: number; 51 52 /** 53 * The validity period of password. 54 * 55 * @type { ?number } 56 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 57 * @stagemodelonly 58 * @since 19 59 */ 60 passwordValidityPeriod?: number; 61 62 /** 63 * The password expiration notification. 64 * 65 * @type { ?number } 66 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 67 * @stagemodelonly 68 * @since 19 69 */ 70 passwordExpirationNotification?: number; 71 } 72 73 /** 74 * Disallow the user of device add local account. 75 * This function can be called by a super administrator. 76 * 77 * @permission ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 78 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 79 * The admin must have the corresponding permission. 80 * @param { boolean } disallow - true if the user is not allowed to add local account. 81 * @param { AsyncCallback<void> } callback - the callback of disallowAddLocalAccount. 82 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 83 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 84 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 85 * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API. 86 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 87 * 2. Incorrect parameter types; 3. Parameter verification failed. 88 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 89 * @systemapi 90 * @StageModelOnly 91 * @since 10 92 */ 93 function disallowAddLocalAccount(admin: Want, disallow: boolean, callback: AsyncCallback<void>): void; 94 95 /** 96 * Disallow the user of device add local account. 97 * This function can be called by a super administrator. 98 * 99 * @permission ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 100 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 101 * The admin must have the corresponding permission. 102 * @param { boolean } disallow - true if the user is not allowed to add local account. 103 * @returns { Promise<void> } the promise returned by the disallowAddLocalAccount. 104 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 105 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 106 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 107 * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API. 108 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 109 * 2. Incorrect parameter types; 3. Parameter verification failed. 110 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 111 * @systemapi 112 * @StageModelOnly 113 * @since 10 114 */ 115 function disallowAddLocalAccount(admin: Want, disallow: boolean): Promise<void>; 116 117 /** 118 * Disallows the user to add an OS account. 119 * This function can be called by a super administrator. 120 * 121 * @permission ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 122 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 123 * The admin must have the corresponding permission. 124 * @param { number } userId - indicates the user ID. It cannot be the ID of a user that does not exist. 125 * @param { boolean } disallow - true if the specific user is not allowed to add an OS account. 126 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 127 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 128 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 129 * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API. 130 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 131 * 2. Incorrect parameter types; 3. Parameter verification failed. 132 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 133 * @systemapi 134 * @stagemodelonly 135 * @since 11 136 */ 137 function disallowAddOsAccountByUser(admin: Want, userId: number, disallow: boolean): void; 138 139 /** 140 * Queries whether the user is disallowed to add an OS account. 141 * This function can be called by a super administrator. 142 * 143 * @permission ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 144 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 145 * If the admin is not empty, it must have the corresponding permission. 146 * @param { number } userId - indicates the user ID. It cannot be the ID of a user that does not exist. 147 * @returns { boolean } true if the specific user is not allowed to add an OS account. 148 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 149 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 150 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 151 * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API. 152 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 153 * 2. Incorrect parameter types; 3. Parameter verification failed. 154 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 155 * @systemapi 156 * @stagemodelonly 157 * @since 11 158 */ 159 function isAddOsAccountByUserDisallowed(admin: Want, userId: number): boolean; 160 161 /** 162 * Adds an OS account using the name and account type. 163 * This function can be called by a super administrator. 164 * 165 * @permission ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 166 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 167 * The admin must have the corresponding permission. 168 * @param { string } name - the OS account name. It cannot be empty. 169 * @param { osAccount.OsAccountType } type - the OS account type. It can only be one of specified types. 170 * @returns { osAccount.OsAccountInfo } information about the OS account added. 171 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 172 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 173 * @throws { BusinessError } 9201003 - Failed to add an OS account. 174 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 175 * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API. 176 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 177 * 2. Incorrect parameter types; 3. Parameter verification failed. 178 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 179 * @systemapi 180 * @stagemodelonly 181 * @since 11 182 */ 183 function addOsAccount(admin: Want, name: string, type: osAccount.OsAccountType): osAccount.OsAccountInfo; 184 185 /** 186 * Disallows the account or all accounts to add an OS account. 187 * This function can be called by a super administrator. 188 * 189 * @permission ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 190 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 191 * The admin must have the corresponding permission. 192 * @param { boolean } disallow - true if the specific account or all accounts are not allowed to add an OS account. 193 * @param { number } [accountId] - indicates the account ID. It cannot be the ID of an account that does not exist. 194 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 195 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 196 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 197 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 198 * 2. Incorrect parameter types; 3. Parameter verification failed. 199 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 200 * @stagemodelonly 201 * @since 12 202 */ 203 function disallowOsAccountAddition(admin: Want, disallow: boolean, accountId?: number): void; 204 205 /** 206 * Queries whether the account or all accounts is disallowed to add an OS account. 207 * This function can be called by a super administrator. 208 * 209 * @permission ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 210 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 211 * If the admin is not empty, it must have the corresponding permission. 212 * @param { number } [accountId] - indicates the account ID. It cannot be the ID of an account that does not exist. 213 * @returns { boolean } true if the specific account or all accounts are not allowed to add an OS account. 214 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 215 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 216 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 217 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 218 * 2. Incorrect parameter types; 3. Parameter verification failed. 219 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 220 * @stagemodelonly 221 * @since 12 222 */ 223 function isOsAccountAdditionDisallowed(admin: Want, accountId?: number): boolean; 224 225 /** 226 * Adds an OS account using the name and account type. 227 * This function can be called by a super administrator. 228 * 229 * @permission ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 230 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 231 * The admin must have the corresponding permission. 232 * @param { string } name - the OS account name. It cannot be empty. 233 * @param { osAccount.OsAccountType } type - the OS account type. It can only be one of correct types. 234 * @returns { Promise<osAccount.OsAccountInfo> } information about the OS account added. 235 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 236 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 237 * @throws { BusinessError } 9201003 - Failed to add an OS account. 238 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 239 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 240 * 2. Incorrect parameter types; 3. Parameter verification failed. 241 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 242 * @stagemodelonly 243 * @since 12 244 */ 245 function addOsAccountAsync(admin: Want, name: string, type: osAccount.OsAccountType): Promise<osAccount.OsAccountInfo>; 246 247 /** 248 * Sets domain account policy. 249 * This function can be called by a super administrator. 250 * 251 * @permission ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 252 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 253 * The admin must have the corresponding permission. 254 * @param { osAccount.DomainAccountInfo } domainAccountInfo - the infomation of domain account. 255 * @param { DomainAccountPolicy } policy - policy indicates the domain account policy. 256 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 257 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 258 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 259 * @throws { BusinessError } 801 - Capability not supported. Failed to call the API due to limited device capabilities. 260 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 261 * @stagemodelonly 262 * @since 19 263 */ 264 function setDomainAccountPolicy(admin: Want, domainAccountInfo: osAccount.DomainAccountInfo, policy: DomainAccountPolicy): void; 265 266 /** 267 * Gets domain account policy. 268 * This function can be called by a super administrator. 269 * 270 * @permission ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 271 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 272 * The admin must have the corresponding permission. 273 * @param { osAccount.DomainAccountInfo } domainAccountInfo - the infomation of domain account. 274 * @returns { DomainAccountPolicy } the domain account policy. 275 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 276 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 277 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 278 * @throws { BusinessError } 801 - Capability not supported. Failed to call the API due to limited device capabilities. 279 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 280 * @stagemodelonly 281 * @since 19 282 */ 283 function getDomainAccountPolicy(admin: Want, domainAccountInfo: osAccount.DomainAccountInfo): DomainAccountPolicy; 284} 285 286export default accountManager; 287