# DataAbility Permission Control

The DataAbility uses permission control to determine whether an ability can access the data service it provides. There are static and dynamic permission controls.

## Static Permission Control

The DataAbility functions as the server. When it is started, the DataAbility verifies the client permissions against the optional **readPermission**, **writePermission**, and **Permission** fields in the **config.json** file. The following is an example:

```json
"abilities": [
  ...
  {
    "name": ".DataAbility",
    "srcLanguage": "ets",
    "srcPath": "DataAbility",
    "icon": "$media:icon",
    "description": "$string:DataAbility_desc",
    "type": "data",
    "visible": true,
    "uri": "dataability://com.samples.famodelabilitydevelop.DataAbility",
    "readPermission": "ohos.permission.READ_CONTACTS",
    "writePermission": "ohos.permission.WRITE_CONTACTS"
  },
  ...
]
```

The client permission is configured in **reqPermissions** under **module** in the **config.json** file. The following is an example:

```json
{
  ...
  "module": {
    ...
    "reqPermissions": [
      {
        "name": "ohos.permission.READ_CONTACTS"
      },
      {
        "name": "ohos.permission.WRITE_CONTACTS"
      },
      ...
    ],
    ...
  }
}
```

## Dynamic Permission Control

Static permission control determines whether a DataAbility can be started by another ability or application. It does not verify the permission of each read/write interface.

Dynamic permission control verifies whether the client has the corresponding permission for every read/write interface. The table below lists the permissions required for calling these interfaces.

**Table 1** Permission configuration for data read/write interfaces

| Interfaces Requiring the Read Permission | Interfaces Requiring the Write Permission | Interfaces Requiring the Read/Write Permission Based on Actual Requirements |
| -------- | -------- | -------- |
| query, normalizeUri, denormalizeUri, openfile (with **mode** set to **'r'**) | insert, batchInsert, delete, update, openfile (with **mode** set to **'w'**) | executeBatch |

For interfaces that require the read permission, the server must have **readPermission** specified, and the client must obtain the read permission before calling them.

For interfaces that require the write permission, the server must have **writePermission** specified, and the client must obtain the write permission before calling them.
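
The following sketch is an added example, not code from the original page or from OpenHarmony. It models the Table 1 rules to check a planned call against the server's **readPermission**/**writePermission** and the client's **reqPermissions**. The function names, the handling of **openfile** modes other than 'r' and 'w', and the treatment of **executeBatch** as the union of its operations are assumptions; it checks declarations only, not whether a permission has been granted at run time.

```javascript
// Added example: a model of the rules in Table 1, not OpenHarmony framework code.
// Interface names come from the table; function names are hypothetical.
const READ_IFACES = new Set(["query", "normalizeUri", "denormalizeUri"]);
const WRITE_IFACES = new Set(["insert", "batchInsert", "delete", "update"]);

// Returns the access kinds ("read"/"write") a call needs, per Table 1.
function requiredAccess(iface, arg) {
  if (READ_IFACES.has(iface)) return ["read"];
  if (WRITE_IFACES.has(iface)) return ["write"];
  if (iface === "openfile") {
    if (arg === "r") return ["read"];
    if (arg === "w") return ["write"];
    return ["read", "write"]; // assumption: any other mode is treated as needing both
  }
  if (iface === "executeBatch") {
    // "Based on actual requirements": assumed here to mean the union over the batched operations.
    const kinds = new Set((arg || []).flatMap((op) => requiredAccess(op.iface, op.arg)));
    return [...kinds].sort();
  }
  throw new Error(`unknown interface: ${iface}`);
}

// Checks one call against the server ability entry and the client's reqPermissions.
function checkCall(serverAbility, clientConfig, iface, arg) {
  const declared = new Set((clientConfig.module.reqPermissions || []).map((p) => p.name));
  const problems = [];
  for (const kind of requiredAccess(iface, arg)) {
    const field = kind === "read" ? "readPermission" : "writePermission";
    const perm = serverAbility[field];
    if (!perm) problems.push(`server: ${field} not specified`);
    else if (!declared.has(perm)) problems.push(`client: ${perm} not in reqPermissions`);
  }
  return problems;
}

// Constructed sample input based on the config.json fragments above.
const server = {
  name: ".DataAbility", type: "data", visible: true,
  readPermission: "ohos.permission.READ_CONTACTS",
  writePermission: "ohos.permission.WRITE_CONTACTS",
};
const readOnlyClient = { module: { reqPermissions: [{ name: "ohos.permission.READ_CONTACTS" }] } };

console.log(checkCall(server, readOnlyClient, "query"));
console.log(checkCall(server, readOnlyClient, "openfile", "w"));
console.log(checkCall(server, readOnlyClient, "executeBatch",
  [{ iface: "query" }, { iface: "update" }]));
```

An empty result means both sides satisfy the rule for that call; a `server:` finding points at a DataAbility entry that leaves the corresponding interface group without a declared permission.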