1# DataAbility Permission Control
2
3
4The DataAbility uses permission control to determine whether an ability can access the data service it provides. There are static and dynamic permission controls.
5
6
7## Static Permission Control
8
9The DataAbility functions as the server. When being started, the DataAbility verifies the client permissions against the settings of the optional fields **readPermission**, **writePermission**, and **Permission** fields in the **config.json** file. The following is an example:
10
11
12```json
13"abilities": [
14  ...
15  {
16    "name": ".DataAbility",
17    "srcLanguage": "ets",
18    "srcPath": "DataAbility",
19    "icon": "$media:icon",
20    "description": "$string:DataAbility_desc",
21    "type": "data",
22    "visible": true,
23    "uri": "dataability://com.samples.famodelabilitydevelop.DataAbility",
24    "readPermission": "ohos.permission.READ_CONTACTS",
25    "writePermission": "ohos.permission.WRITE_CONTACTS"
26  },
27  ...
28]
29```
30
31The client permission is configured in **reqPermissions** under **module** in the **config.json** file. The following is an example:
32
33
34```json
35{
36  ...
37  "module": {
38    ...
39    "reqPermissions": [
40      {
41        "name": "ohos.permission.READ_CONTACTS"
42      },
43      {
44        "name": "ohos.permission.WRITE_CONTACTS"
45      },
46      ...
47    ],
48    ...
49  }
50}
51```
52
53
54## Dynamic Permission Control
55
56Static permission control determines whether a DataAbility can be started by another ability or application. It does not verify the permission of each read/write interface.
57
58Dynamic permission control verifies whether the client has the corresponding permission for every read/write interface. The table below lists the permissions required for calling these interfaces.
59
60**Table 1** Permission configuration for data read/write interfaces
61
62| Interface with the Read Permission| Interface with the Write Permission| Interface with the Read/Write Permission Based on Actual Requirements|
63| -------- | -------- | -------- |
64| query, normalizeUri, denormalizeUri, openfile (with **mode** set to **'r'**)| insert, batchInsert, delete, update, openfile (with **mode** set to **'w'**)| executeBatch |
65
66For interfaces that require the read permission, the server must have **readPermission** specified, and the client must obtain the read permission before calling them.
67
68For interfaces that require the write permission, the server must have **writePermission** specified, and the client must obtain the write permission before calling them.
69