1# @ohos.enterprise.accountManager (Account Management) (System API) 2 3The **accountManager** module provides APIs for account management of enterprise devices. 4 5> **NOTE** 6> 7> - The initial APIs of this module are supported since API version 10. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8> 9> - The APIs of this module can be used only in the stage model. 10> 11> - The APIs of this module can be called only by a [device administrator application](../../mdm/mdm-kit-guide.md#introduction) that is [enabled](js-apis-enterprise-adminManager-sys.md#adminmanagerenableadmin). 12> 13> - This topic describes only the system APIs provided by the module. For details about its public APIs, see [@ohos.enterprise.accountManager](js-apis-enterprise-accountManager.md). 14 15## Modules to Import 16 17```ts 18import { accountManager } from '@kit.MDMKit'; 19``` 20 21## accountManager.disallowAddLocalAccount 22 23disallowAddLocalAccount(admin: Want, disallow: boolean, callback: AsyncCallback<void>): void 24 25Disallows a device administrator application to create local user accounts. This API uses an asynchronous callback to return the result. 26 27**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 28 29**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 30 31 32 33**Parameters** 34 35| Name | Type | Mandatory | Description | 36| -------- | ---------------------------------------- | ---- | ------------------------------- | 37| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 38| disallow | boolean | Yes | Whether to forbid the creation of local user accounts. The value **true** means to forbid the creation of local user accounts, and the value **false** means the opposite. | 39| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, **err** is **null**. Otherwise, **err** is an error object. | 40 41**Error codes** 42 43For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 44 45| ID| Error Message | 46| ------- | ---------------------------------------------------------------------------- | 47| 9200001 | The application is not an administrator application of the device. | 48| 9200002 | The administrator application does not have permission to manage the device. | 49| 201 | Permission verification failed. The application does not have the permission required to call the API. | 50| 202 | Permission verification failed. A non-system application calls a system API. | 51| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 52 53**Example** 54 55```ts 56import { Want } from '@kit.AbilityKit'; 57let wantTemp: Want = { 58 bundleName: 'com.example.myapplication', 59 abilityName: 'EntryAbility', 60}; 61 62accountManager.disallowAddLocalAccount(wantTemp, true, (err) => { 63 if (err) { 64 console.error(`Failed to disallow add local account. Code: ${err.code}, message: ${err.message}`); 65 return; 66 } 67 console.info('Succeeded in disallowing add local account'); 68}); 69``` 70 71## accountManager.disallowAddLocalAccount 72 73disallowAddLocalAccount(admin: Want, disallow: boolean): Promise<void> 74 75Disallows a device administrator application to create local user accounts. This API uses a promise to return the result. 76 77**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 78 79**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 80 81 82 83**Parameters** 84 85| Name | Type | Mandatory | Description | 86| ----- | ----------------------------------- | ---- | ------- | 87| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application.| 88| disallow | boolean | Yes | Whether to forbid the creation of local user accounts. The value **true** means to forbid the creation of local user accounts, and the value **false** means the opposite. | 89 90**Return value** 91 92| Type | Description | 93| --------------------- | ------------------------- | 94| Promise<void> | Promise that returns no value. An error object will be thrown if the operation fails.| 95 96**Error codes** 97 98For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 99 100| ID| Error Message | 101| ------- | ---------------------------------------------------------------------------- | 102| 9200001 | The application is not an administrator application of the device. | 103| 9200002 | The administrator application does not have permission to manage the device. | 104| 201 | Permission verification failed. The application does not have the permission required to call the API. | 105| 202 | Permission verification failed. A non-system application calls a system API. | 106| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 107 108**Example** 109 110```ts 111import { Want } from '@kit.AbilityKit'; 112import { BusinessError } from '@kit.BasicServicesKit'; 113let wantTemp: Want = { 114 bundleName: 'com.example.myapplication', 115 abilityName: 'EntryAbility', 116}; 117 118accountManager.disallowAddLocalAccount(wantTemp, true).then(() => { 119 console.info('Succeeded in disallowing add local account'); 120}).catch((err: BusinessError) => { 121 console.error(`Failed to disallow add local account. Code: ${err.code}, message: ${err.message}`); 122}); 123``` 124 125## accountManager.disallowAddOsAccountByUser<sup>11+</sup> 126 127disallowAddOsAccountByUser(admin: Want, userId: number, disallow: boolean): void 128 129Disallows a user to add system accounts through the specified device administrator application. 130 131**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 132 133**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 134 135 136 137**Parameters** 138 139| Name | Type | Mandatory| Description | 140| -------- | ----------------------------------- | ---- | ----------------------------------------------------------- | 141| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 142| userId | number | Yes | User ID, which must be greater than or equal to 0. | 143| disallow | boolean | Yes | Whether to disallow the user to add system accounts. The value **true** means to disallow the user to add system accounts; the value **false** means the opposite.| 144 145**Error codes** 146 147For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 148 149| ID| Error Message | 150| -------- | ------------------------------------------------------------ | 151| 9200001 | The application is not an administrator application of the device. | 152| 9200002 | The administrator application does not have permission to manage the device. | 153| 201 | Permission verification failed. The application does not have the permission required to call the API. | 154| 202 | Permission verification failed. A non-system application calls a system API. | 155| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 156 157**Example** 158 159```ts 160import { Want } from '@kit.AbilityKit'; 161let wantTemp: Want = { 162 bundleName: 'com.example.myapplication', 163 abilityName: 'EntryAbility', 164}; 165 166try { 167 accountManager.disallowAddOsAccountByUser(wantTemp, 100, true); 168 console.info(`Succeeded in disallowing user add os account`); 169} catch (err) { 170 console.error(`Failed to disallow user add os account. Code: ${err.code}, message: ${err.message}`); 171} 172``` 173 174## accountManager.isAddOsAccountByUserDisallowed<sup>11+</sup> 175 176isAddOsAccountByUserDisallowed(admin: Want, userId: number): boolean 177 178Checks whether a user is not allowed to add system accounts through the specified device administrator application. 179 180**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 181 182**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 183 184 185 186**Parameters** 187 188| Name| Type | Mandatory| Description | 189| ------ | ----------------------------------- | ---- | ------------------------------------------- | 190| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 191| userId | number | Yes | User ID, which must be greater than or equal to 0.| 192 193**Return value** 194 195| Type | Description | 196| ------- | ------------------------------------------------------------ | 197| boolean | Returns **true** if the user is not allowed to add system accounts; returns **false** otherwise.| 198 199**Error codes** 200 201For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 202 203| ID| Error Message | 204| -------- | ------------------------------------------------------------ | 205| 9200001 | The application is not an administrator application of the device. | 206| 9200002 | The administrator application does not have permission to manage the device. | 207| 201 | Permission verification failed. The application does not have the permission required to call the API. | 208| 202 | Permission verification failed. A non-system application calls a system API. | 209| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 210 211**Example** 212 213```ts 214import { Want } from '@kit.AbilityKit'; 215let wantTemp: Want = { 216 bundleName: 'com.example.myapplication', 217 abilityName: 'EntryAbility', 218}; 219 220try { 221 let isDisallowed: boolean = accountManager.isAddOsAccountByUserDisallowed(wantTemp, 100); 222 console.info(`Succeeded in querying the user can add os account or not: ${isDisallowed}`); 223} catch (err) { 224 console.error(`Failed to query the user can add os account or not. Code: ${err.code}, message: ${err.message}`); 225} 226``` 227 228## accountManager.addOsAccount<sup>11+</sup> 229 230addOsAccount(admin: Want, name: string, type: osAccount.OsAccountType): osAccount.OsAccountInfo 231 232Adds a system account in the background through the specified device administrator application. 233 234**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 235 236**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 237 238 239 240**Parameters** 241 242| Name| Type | Mandatory| Description | 243| ------ | ------------------------------------------------------------ | ---- | ------------------------------------------------------------ | 244| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 245| name | string | Yes | User ID, which must be greater than or equal to 0. | 246| type | [osAccount.OsAccountType](../apis-basic-services-kit/js-apis-osAccount.md#osaccounttype) | Yes | Type of the account to add.<br>The value can be any of the following:<br>· **ADMIN**: administrator account.<br>· **NORMAL**: normal account.<br>· **GUEST**: guest account.| 247 248**Return value** 249 250| Type | Description | 251| ------------------------------------------------------------ | -------------------- | 252| [osAccount.OsAccountInfo](../apis-basic-services-kit/js-apis-osAccount.md#osaccounttype) | Information about the account added.| 253 254**Error codes** 255 256For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 257 258| ID| Error Message | 259| -------- | ------------------------------------------------------------ | 260| 9200001 | The application is not an administrator application of the device. | 261| 9200002 | The administrator application does not have permission to manage the device. | 262| 9201003 | Failed to add an OS account. | 263| 201 | Permission verification failed. The application does not have the permission required to call the API. | 264| 202 | Permission verification failed. A non-system application calls a system API. | 265| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 266 267**Example** 268 269```ts 270import { Want } from '@kit.AbilityKit'; 271import { osAccount } from '@kit.BasicServicesKit'; 272let wantTemp: Want = { 273 bundleName: 'com.example.myapplication', 274 abilityName: 'EntryAbility', 275}; 276 277try { 278 let info: osAccount.OsAccountInfo = accountManager.addOsAccount(wantTemp, "TestAccountName", osAccount.OsAccountType.NORMAL); 279 console.info(`Succeeded in creating os account: ${JSON.stringify(info)}`); 280} catch (err) { 281 console.error(`Failed to creating os account. Code: ${err.code}, message: ${err.message}`); 282} 283``` 284