Ability Access Control
Provides program permission management capabilities, including authentication, authorization, and revocation.
NOTE
The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version.
Modules to Import
```js
import abilityAccessCtrl from '@ohos.abilityAccessCtrl'
```
abilityAccessCtrl.createAtManager
createAtManager(): AtManager
Creates an AtManager instance, which is used for ability access control.
System capability: SystemCapability.Security.AccessToken
Return value
Type | Description |
---|---|
AtManager | AtManager instance obtained. |
Example
```js
var AtManager = abilityAccessCtrl.createAtManager();
```
AtManager
Implements ability access control.
verifyAccessToken
verifyAccessToken(tokenID: number, permissionName: string): Promise<GrantStatus>
Checks whether an application has been granted the specified permission. This API uses a promise to return the result.
System capability: SystemCapability.Security.AccessToken
Parameters
Name | Type | Mandatory | Description |
---|---|---|---|
tokenID | number | Yes | ID of the application. |
permissionName | string | Yes | Name of the permission to verify. |
Return value
Type | Description |
---|---|
Promise<GrantStatus> | Promise instance used to return the result. |
Example
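```js
var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0; // Placeholder; use the ID of the application to check.
let promise = AtManager.verifyAccessToken(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
promise.then(data => {
    // data is a GrantStatus value: 0 (PERMISSION_GRANTED) or -1 (PERMISSION_DENIED).
    console.log(`promise: data->${JSON.stringify(data)}`);
});
```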
grantUserGrantedPermission
grantUserGrantedPermission(tokenID: number, permissionName: string, permissionFlag: number): Promise<number>
Grants a user-granted permission to an application. This API uses a promise to return the result.
This is a system API and cannot be called by third-party applications.
Required permissions: ohos.permission.GRANT_SENSITIVE_PERMISSIONS
System capability: SystemCapability.Security.AccessToken
Parameters
Name | Type | Mandatory | Description |
---|---|---|---|
tokenID | number | Yes | ID of the application. |
permissionName | string | Yes | Name of the permission to grant. |
permissionFlag | number | Yes | Permission flag. The value 1 means that a dialog box will still be displayed after the user grants or denies the permission. The value 2 means that no dialog box will be displayed after the user grants or denies the permission. The value 3 means a system permission that cannot be changed. |
Return value
Type | Description |
---|---|
Promise<number> | Promise instance used to return the result. |
Example
```js
var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0; // Placeholder; use the ID of the target application.
let permissionFlag = 1; // 1: a dialog box will still be displayed after the user's decision.
let promise = AtManager.grantUserGrantedPermission(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", permissionFlag);
promise.then(data => {
    console.log(`promise: data->${JSON.stringify(data)}`);
});
```
grantUserGrantedPermission
grantUserGrantedPermission(tokenID: number, permissionName: string, permissionFlag: number, callback: AsyncCallback<number>): void
Grants a user-granted permission to an application. This API uses an asynchronous callback to return the result.
This is a system API and cannot be called by third-party applications.
Required permissions: ohos.permission.GRANT_SENSITIVE_PERMISSIONS
System capability: SystemCapability.Security.AccessToken
Parameters
Name | Type | Mandatory | Description |
---|---|---|---|
tokenID | number | Yes | ID of the application. |
permissionName | string | Yes | Name of the permission to grant. |
permissionFlag | number | Yes | Permission flag. The value 1 means that a dialog box will still be displayed after the user grants or denies the permission. The value 2 means that no dialog box will be displayed after the user grants or denies the permission. The value 3 means a system permission that cannot be changed. |
callback | AsyncCallback<number> | Yes | Callback used to return the result. |
Example
```js
var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0;
let permissionFlag = 1;
AtManager.grantUserGrantedPermission(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", permissionFlag, (err, data) => {
    if (err) {
        console.log(`callback: err->${JSON.stringify(err)}`);
    } else {
        console.log(`callback: data->${JSON.stringify(data)}`);
    }
});
```
revokeUserGrantedPermission
revokeUserGrantedPermission(tokenID: number, permissionName: string, permissionFlag: number): Promise<number>
Revokes a user-granted permission given to an application. This API uses a promise to return the result.
This is a system API and cannot be called by third-party applications.
Required permissions: ohos.permission.REVOKE_SENSITIVE_PERMISSIONS
System capability: SystemCapability.Security.AccessToken
Parameters
Name | Type | Mandatory | Description |
---|---|---|---|
tokenID | number | Yes | ID of the application. |
permissionName | string | Yes | Name of the permission to revoke. |
permissionFlag | number | Yes | Permission flag. The value 1 means that a dialog box will still be displayed after the user grants or denies the permission. The value 2 means that no dialog box will be displayed after the user grants or denies the permission. The value 3 means a system permission that cannot be changed. |
Return value
Type | Description |
---|---|
Promise<number> | Promise instance used to return the result. |
Example
```js
var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0; // Placeholder; use the ID of the target application.
let permissionFlag = 1; // 1: a dialog box will still be displayed after the user's decision.
let promise = AtManager.revokeUserGrantedPermission(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", permissionFlag);
promise.then(data => {
    console.log(`promise: data->${JSON.stringify(data)}`);
});
```
revokeUserGrantedPermission
revokeUserGrantedPermission(tokenID: number, permissionName: string, permissionFlag: number, callback: AsyncCallback<number>): void
Revokes a user-granted permission given to an application. This API uses an asynchronous callback to return the result.
This is a system API and cannot be called by third-party applications.
Required permissions: ohos.permission.REVOKE_SENSITIVE_PERMISSIONS
System capability: SystemCapability.Security.AccessToken
Parameters
Name | Type | Mandatory | Description |
---|---|---|---|
tokenID | number | Yes | ID of the application. |
permissionName | string | Yes | Name of the permission to revoke. |
permissionFlag | number | Yes | Permission flag. The value 1 means that a dialog box will still be displayed after the user grants or denies the permission. The value 2 means that no dialog box will be displayed after the user grants or denies the permission. The value 3 means a system permission that cannot be changed. |
callback | AsyncCallback<number> | Yes | Callback used to return the result. |
Example
```js
var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0;
let permissionFlag = 1;
AtManager.revokeUserGrantedPermission(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", permissionFlag, (err, data) => {
    if (err) {
        console.log(`callback: err->${JSON.stringify(err)}`);
    } else {
        console.log(`callback: data->${JSON.stringify(data)}`);
    }
});
```
getPermissionFlags
getPermissionFlags(tokenID: number, permissionName: string): Promise<number>
Obtains the flags of the specified permission of a given application. This API uses a promise to return the result.
This is a system API and cannot be called by third-party applications.
Required permissions: ohos.permission.GET_SENSITIVE_PERMISSIONS, ohos.permission.GRANT_SENSITIVE_PERMISSIONS, or ohos.permission.REVOKE_SENSITIVE_PERMISSIONS
System capability: SystemCapability.Security.AccessToken
Parameters
Name | Type | Mandatory | Description |
---|---|---|---|
tokenID | number | Yes | ID of the application. |
permissionName | string | Yes | Name of the permission to query. |
Return value
Type | Description |
---|---|
Promise<number> | Promise instance used to return the result. |
Example
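```js
var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0; // Placeholder; use the ID of the application to query.
let promise = AtManager.getPermissionFlags(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
promise.then(data => {
    // data holds the permission flags of the queried permission.
    console.log(`promise: data->${JSON.stringify(data)}`);
});
```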
GrantStatus
Enumerates the permission grant states.
System capability: SystemCapability.Security.AccessToken
Name | Default Value | Description |
---|---|---|
PERMISSION_DENIED | -1 | Permission denied. |
PERMISSION_GRANTED | 0 | Permission granted. |
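
Because `PERMISSION_GRANTED` is 0 and `PERMISSION_DENIED` is -1, a truthiness test on the result of `verifyAccessToken` inverts the decision. The following added example (not part of the original reference or the project's code) shows a fail-closed check and a revoke that is confirmed afterwards; `createStubAtManager`, `hasPermission` and `revokeAndConfirm` are hypothetical names, and the stub is a constructed stand-in for the system `AtManager` so the code runs off-device.

```javascript
// Values taken from the GrantStatus table on this page.
const GrantStatus = Object.freeze({ PERMISSION_DENIED: -1, PERMISSION_GRANTED: 0 });

// Constructed stand-in for the system AtManager so the example runs off-device.
// On a device, pass abilityAccessCtrl.createAtManager() to the helpers instead.
function createStubAtManager(initialGrants) {
  const grants = new Set(initialGrants); // entries look like "tokenID:permissionName"
  return {
    verifyAccessToken(tokenID, permissionName) {
      if (typeof tokenID !== 'number') {
        return Promise.reject(new Error('invalid tokenID'));
      }
      const granted = grants.has(`${tokenID}:${permissionName}`);
      return Promise.resolve(granted ? GrantStatus.PERMISSION_GRANTED : GrantStatus.PERMISSION_DENIED);
    },
    revokeUserGrantedPermission(tokenID, permissionName, permissionFlag) {
      grants.delete(`${tokenID}:${permissionName}`);
      return Promise.resolve(0); // constructed result value for the stub
    },
  };
}

// Hypothetical helper: true only when the result is exactly PERMISSION_GRANTED.
// A test such as `if (status)` is wrong here: granted is 0 (falsy) and
// denied is -1 (truthy), so it would allow denied callers and block granted ones.
// A rejected promise or any unexpected value is treated as denied (fail closed).
async function hasPermission(atManager, tokenID, permissionName) {
  try {
    const status = await atManager.verifyAccessToken(tokenID, permissionName);
    return status === GrantStatus.PERMISSION_GRANTED;
  } catch (err) {
    return false;
  }
}

// Hypothetical helper: revoke, then confirm the post-condition with
// verifyAccessToken instead of trusting the numeric result of the revoke call.
async function revokeAndConfirm(atManager, tokenID, permissionName, permissionFlag) {
  await atManager.revokeUserGrantedPermission(tokenID, permissionName, permissionFlag);
  return !(await hasPermission(atManager, tokenID, permissionName));
}
```
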