1# @ohos.enterprise.accountManager (Account Management) (System API)
2
3The **accountManager** module provides APIs for account management of enterprise devices.
4
5> **NOTE**
6>
7> - The initial APIs of this module are supported since API version 10. Newly added APIs will be marked with a superscript to indicate their earliest API version.
8>
9> - The APIs of this module can be used only in the stage model.
10>
11> - The APIs of this module can be called only by a [device administrator application](../../mdm/mdm-kit-guide.md#introduction) that is [enabled](js-apis-enterprise-adminManager-sys.md#adminmanagerenableadmin).
12>
13> - This topic describes only the system APIs provided by the module. For details about its public APIs, see [@ohos.enterprise.accountManager](js-apis-enterprise-accountManager.md).
14
15## Modules to Import
16
17```ts
18import { accountManager } from '@kit.MDMKit';
19```
20
21## accountManager.disallowAddLocalAccount
22
23disallowAddLocalAccount(admin: Want, disallow: boolean, callback: AsyncCallback<void>): void
24
25Disallows a device administrator application to create local user accounts. This API uses an asynchronous callback to return the result.
26
27**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY
28
29**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
30
31
32
33**Parameters**
34
35| Name     | Type                                      | Mandatory  | Description                      |
36| -------- | ---------------------------------------- | ---- | ------------------------------- |
37| admin    | [Want](../apis-ability-kit/js-apis-app-ability-want.md)     | Yes   | Device administrator application.                 |
38| disallow    | boolean     | Yes   | Whether to forbid the creation of local user accounts. The value **true** means to forbid the creation of local user accounts, and the value **false** means the opposite.                 |
39| callback | AsyncCallback<void>            | Yes   | Callback used to return the result. If the operation is successful, **err** is **null**. Otherwise, **err** is an error object.      |
40
41**Error codes**
42
43For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
44
45| ID| Error Message                                                                      |
46| ------- | ---------------------------------------------------------------------------- |
47| 9200001 | The application is not an administrator application of the device. |
48| 9200002 | The administrator application does not have permission to manage the device. |
49| 201 | Permission verification failed. The application does not have the permission required to call the API. |
50| 202 | Permission verification failed. A non-system application calls a system API. |
51| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
52
53**Example**
54
55```ts
56import { Want } from '@kit.AbilityKit';
57let wantTemp: Want = {
58  bundleName: 'com.example.myapplication',
59  abilityName: 'EntryAbility',
60};
61
62accountManager.disallowAddLocalAccount(wantTemp, true, (err) => {
63  if (err) {
64    console.error(`Failed to disallow add local account. Code: ${err.code}, message: ${err.message}`);
65    return;
66  }
67  console.info('Succeeded in disallowing add local account');
68});
69```
70
71## accountManager.disallowAddLocalAccount
72
73disallowAddLocalAccount(admin: Want, disallow: boolean): Promise<void>
74
75Disallows a device administrator application to create local user accounts. This API uses a promise to return the result.
76
77**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY
78
79**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
80
81
82
83**Parameters**
84
85| Name  | Type                                 | Mandatory  | Description     |
86| ----- | ----------------------------------- | ---- | ------- |
87| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes   | Device administrator application.|
88| disallow    | boolean     | Yes   | Whether to forbid the creation of local user accounts. The value **true** means to forbid the creation of local user accounts, and the value **false** means the opposite.                 |
89
90**Return value**
91
92| Type                  | Description                     |
93| --------------------- | ------------------------- |
94| Promise<void> | Promise that returns no value. An error object will be thrown if the operation fails.|
95
96**Error codes**
97
98For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
99
100| ID| Error Message                                                                    |
101| ------- | ---------------------------------------------------------------------------- |
102| 9200001 | The application is not an administrator application of the device.            |
103| 9200002 | The administrator application does not have permission to manage the device. |
104| 201 | Permission verification failed. The application does not have the permission required to call the API. |
105| 202 | Permission verification failed. A non-system application calls a system API. |
106| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
107
108**Example**
109
110```ts
111import { Want } from '@kit.AbilityKit';
112import { BusinessError } from '@kit.BasicServicesKit';
113let wantTemp: Want = {
114  bundleName: 'com.example.myapplication',
115  abilityName: 'EntryAbility',
116};
117
118accountManager.disallowAddLocalAccount(wantTemp, true).then(() => {
119  console.info('Succeeded in disallowing add local account');
120}).catch((err: BusinessError) => {
121  console.error(`Failed to disallow add local account. Code: ${err.code}, message: ${err.message}`);
122});
123```
124
125## accountManager.disallowAddOsAccountByUser<sup>11+</sup>
126
127disallowAddOsAccountByUser(admin: Want, userId: number, disallow: boolean): void
128
129Disallows a user to add system accounts through the specified device administrator application.
130
131**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY
132
133**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
134
135
136
137**Parameters**
138
139| Name  | Type                               | Mandatory| Description                                                       |
140| -------- | ----------------------------------- | ---- | ----------------------------------------------------------- |
141| admin    | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes  | Device administrator application.                                             |
142| userId   | number                              | Yes  | User ID, which must be greater than or equal to 0.                |
143| disallow | boolean                             | Yes  | Whether to disallow the user to add system accounts. The value **true** means to disallow the user to add system accounts; the value **false** means the opposite.|
144
145**Error codes**
146
147For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
148
149| ID| Error Message                                                    |
150| -------- | ------------------------------------------------------------ |
151| 9200001  | The application is not an administrator application of the device. |
152| 9200002  | The administrator application does not have permission to manage the device. |
153| 201      | Permission verification failed. The application does not have the permission required to call the API. |
154| 202      | Permission verification failed. A non-system application calls a system API. |
155| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
156
157**Example**
158
159```ts
160import { Want } from '@kit.AbilityKit';
161let wantTemp: Want = {
162  bundleName: 'com.example.myapplication',
163  abilityName: 'EntryAbility',
164};
165
166try {
167  accountManager.disallowAddOsAccountByUser(wantTemp, 100, true);
168  console.info(`Succeeded in disallowing user add os account`);
169} catch (err) {
170  console.error(`Failed to disallow user add os account. Code: ${err.code}, message: ${err.message}`);
171}
172```
173
174## accountManager.isAddOsAccountByUserDisallowed<sup>11+</sup>
175
176isAddOsAccountByUserDisallowed(admin: Want, userId: number): boolean
177
178Checks whether a user is not allowed to add system accounts through the specified device administrator application.
179
180**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY
181
182**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
183
184
185
186**Parameters**
187
188| Name| Type                               | Mandatory| Description                                       |
189| ------ | ----------------------------------- | ---- | ------------------------------------------- |
190| admin  | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes  | Device administrator application.                             |
191| userId | number                              | Yes  | User ID, which must be greater than or equal to 0.|
192
193**Return value**
194
195| Type   | Description                                                        |
196| ------- | ------------------------------------------------------------ |
197| boolean | Returns **true** if the user is not allowed to add system accounts; returns **false** otherwise.|
198
199**Error codes**
200
201For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
202
203| ID| Error Message                                                    |
204| -------- | ------------------------------------------------------------ |
205| 9200001  | The application is not an administrator application of the device. |
206| 9200002  | The administrator application does not have permission to manage the device. |
207| 201      | Permission verification failed. The application does not have the permission required to call the API. |
208| 202      | Permission verification failed. A non-system application calls a system API. |
209| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
210
211**Example**
212
213```ts
214import { Want } from '@kit.AbilityKit';
215let wantTemp: Want = {
216  bundleName: 'com.example.myapplication',
217  abilityName: 'EntryAbility',
218};
219
220try {
221  let isDisallowed: boolean = accountManager.isAddOsAccountByUserDisallowed(wantTemp, 100);
222  console.info(`Succeeded in querying the user can add os account or not: ${isDisallowed}`);
223} catch (err) {
224  console.error(`Failed to query the user can add os account or not. Code: ${err.code}, message: ${err.message}`);
225}
226```
227
228## accountManager.addOsAccount<sup>11+</sup>
229
230addOsAccount(admin: Want, name: string, type: osAccount.OsAccountType): osAccount.OsAccountInfo
231
232Adds a system account in the background through the specified device administrator application.
233
234**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY
235
236**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
237
238
239
240**Parameters**
241
242| Name| Type                                                        | Mandatory| Description                                                        |
243| ------ | ------------------------------------------------------------ | ---- | ------------------------------------------------------------ |
244| admin  | [Want](../apis-ability-kit/js-apis-app-ability-want.md)                          | Yes  | Device administrator application.                                              |
245| name   | string                                                       | Yes  | User ID, which must be greater than or equal to 0.                 |
246| type   | [osAccount.OsAccountType](../apis-basic-services-kit/js-apis-osAccount.md#osaccounttype) | Yes  | Type of the account to add.<br>The value can be any of the following:<br>· **ADMIN**: administrator account.<br>· **NORMAL**: normal account.<br>· **GUEST**: guest account.|
247
248**Return value**
249
250| Type                                                        | Description                |
251| ------------------------------------------------------------ | -------------------- |
252| [osAccount.OsAccountInfo](../apis-basic-services-kit/js-apis-osAccount.md#osaccounttype) | Information about the account added.|
253
254**Error codes**
255
256For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
257
258| ID| Error Message                                                    |
259| -------- | ------------------------------------------------------------ |
260| 9200001  | The application is not an administrator application of the device. |
261| 9200002  | The administrator application does not have permission to manage the device. |
262| 9201003  | Failed to add an OS account.                                 |
263| 201      | Permission verification failed. The application does not have the permission required to call the API. |
264| 202      | Permission verification failed. A non-system application calls a system API. |
265| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
266
267**Example**
268
269```ts
270import { Want } from '@kit.AbilityKit';
271import { osAccount } from '@kit.BasicServicesKit';
272let wantTemp: Want = {
273  bundleName: 'com.example.myapplication',
274  abilityName: 'EntryAbility',
275};
276
277try {
278  let info: osAccount.OsAccountInfo = accountManager.addOsAccount(wantTemp, "TestAccountName", osAccount.OsAccountType.NORMAL);
279  console.info(`Succeeded in creating os account: ${JSON.stringify(info)}`);
280} catch (err) {
281  console.error(`Failed to creating os account. Code: ${err.code}, message: ${err.message}`);
282}
283```
284