@@ -125,7 +125,7 @@ User authorization is required when an application needs to access user privacy
...
@@ -125,7 +125,7 @@ User authorization is required when an application needs to access user privacy
> **NOTE**
> **NOTE**
>
>
> Each time before an API protected by a **user_grant** permission is called, **requestPermissionsFromUser()** will be called to request user authorization. After the permission is granted, the user may revoke the authorization in **Settings**. Therefore, the previous authorization status cannot be persistent.
> Each time before an API protected by a **user_grant** permission is called, **[requestPermissionsFromUser()](../reference/apis/js-apis-abilityAccessCtrl.md#requestpermissionsfromuser9)** will be called to request user authorization. After the permission is granted, the user may revoke the authorization in **Settings**. Therefore, the previous authorization status cannot be persistent.
@@ -39,10 +39,14 @@ The figure below illustrates the process.
...
@@ -39,10 +39,14 @@ The figure below illustrates the process.
![](figures/permission-workflow.png)
![](figures/permission-workflow.png)
**NOTE**
1. Refer to the figure below to determine whether an application can apply for a permission.
1. Refer to the figure below to determine whether an application can apply for a permission.
![](figures/permission-application-process.png)
![](figures/permission-application-process.png)
**NOTE**
1. See [Permission Levels](#permission-levels) for details about the mapping between the application Ability Privilege Level (APL) and the permission level.
1. See [Permission Levels](#permission-levels) for details about the mapping between the application Ability Privilege Level (APL) and the permission level.
2. The permission authorization modes include user_grant (permission granted by the user) and system_grant (permission granted by the system). For details, see [Permission Types](#permission-types).
2. The permission authorization modes include user_grant (permission granted by the user) and system_grant (permission granted by the system). For details, see [Permission Types](#permission-types).
...
@@ -58,6 +62,8 @@ The figure below shows the permission verification process.
...
@@ -58,6 +62,8 @@ The figure below shows the permission verification process.
![](figures/permission-verify-process.png)
![](figures/permission-verify-process.png)
**NOTE**
1: An application permission can be used to control the access to an API that has sensitive data involved or security threats on core abilities.
1: An application permission can be used to control the access to an API that has sensitive data involved or security threats on core abilities.
2: The API can be protected by a permission in the [ACL](#acl). For example, if contact information is involved in an API provided by an application, you can use a contact-related permission to protect the API.
2: The API can be protected by a permission in the [ACL](#acl). For example, if contact information is involved in an API provided by an application, you can use a contact-related permission to protect the API.