1# @ohos.enterprise.restrictions (Restrictions) 2 3This **restrictions** module provides APIs for disallowing general features of devices. You can globally disable or enable the features such as Bluetooth, HDC, USB, and Wi-Fi. 4 5> **NOTE** 6> 7> The initial APIs of this module are supported since API version 12. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8> 9> The APIs of this module can be used only in the stage model. 10> 11> The APIs of this module can be called only by a [device administrator application](../../mdm/mdm-kit-guide.md#introduction) that is enabled. 12 13## Modules to Import 14 15```ts 16import { restrictions } from '@kit.MDMKit'; 17``` 18 19## restrictions.setDisallowedPolicy 20 21setDisallowedPolicy(admin: Want, feature: string, disallow: boolean): void 22 23Disallows a feature. 24 25**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS 26 27**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 28 29**Parameters** 30 31| Name | Type | Mandatory| Description | 32| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | 33| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 34| feature | string | Yes | Feature to set.<br>- **bluetooth**: Bluetooth capability of the device.<br>- **modifyDateTime**: capability of modifying the system time. Currently, this feature is available only for 2-in-1 devices.<br>- **printer**: printing capability. Currently, this feature is available only for 2-in-1 devices.<br>- **hdc**: OpenHarmony Device Connector (hdc).<br>- **microphone**: microphone capability of the device.<br>- **fingerprint**: fingerprint authentication capability of the device.<br>- **usb**: USB capability of the device. After this feature is disabled, USB devices cannot be used.<br>- **wifi**: Wi-Fi capability of the device.<br>- **tethering**<sup>14+</sup>: network sharing capability.<br>- **inactiveUserFreeze**<sup>14+</sup>: capability of freezing inactive users. When the system switches to the enterprise space user, the personal space users are inactive users.<!--RP1--><!--RP1End--> | 35| disallow | boolean | Yes | Whether to disallow the feature. The value **true** means to disallow the feature; the value **false** means the opposite. | 36 37**Error codes** 38 39For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 40 41| ID| Error Message | 42| -------- | ------------------------------------------------------------ | 43| 9200001 | The application is not an administrator application of the device. | 44| 9200002 | The administrator application does not have permission to manage the device. | 45| 201 | Permission verification failed. The application does not have the permission required to call the API. | 46| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 47 48**Example** 49 50```ts 51import { Want } from '@kit.AbilityKit'; 52let wantTemp: Want = { 53 bundleName: 'bundleName', 54 abilityName: 'abilityName', 55}; 56 57try { 58 restrictions.setDisallowedPolicy(wantTemp, 'printer', true); 59 console.info('Succeeded in setting printer disabled'); 60} catch (err) { 61 console.error(`Failed to set printer disabled. Code is ${err.code}, message is ${err.message}`); 62} 63``` 64 65## restrictions.getDisallowedPolicy 66 67getDisallowedPolicy(admin: Want, feature: string): boolean 68 69Obtains the status of a feature. 70 71**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS 72 73**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 74 75**Parameters** 76 77| Name | Type | Mandatory| Description | 78| ------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | 79| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 80| feature | string | Yes | Name of the feature, whose status is to be obtained.<br>- **bluetooth**: Bluetooth capability of the device.<br>- **modifyDateTime**: capability of modifying the system time. Currently, this feature is available only for 2-in-1 devices.<br>- **printer**: printing capability. Currently, this feature is available only for 2-in-1 devices.<br>- **hdc**: OpenHarmony Device Connector (hdc).<br>- **microphone**: microphone capability of the device.<br>- **fingerprint**: fingerprint authentication capability of the device.<br>- **usb**: USB capability of the device. After this feature is disabled, USB devices cannot be used.<br>- **wifi**: Wi-Fi capability of the device.<br>- **tethering**<sup>14+</sup>: network sharing capability.<br>- **inactiveUserFreeze**<sup>14+</sup>: capability of freezing inactive users. Currently, this feature is available only for 2-in-1 devices. When the system switches to the enterprise space user, the personal space users are inactive users.<!--RP2--><!--RP2End--> | 81 82**Return value** 83 84| Type | Description | 85| ------- | ------------------------------------------------------------ | 86| boolean | Returns **true** if the feature is disallowed; returns **false** otherwise.| 87 88**Error codes** 89 90For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 91 92| ID| Error Message | 93| -------- | ------------------------------------------------------------ | 94| 9200001 | The application is not an administrator application of the device. | 95| 9200002 | The administrator application does not have permission to manage the device. | 96| 201 | Permission verification failed. The application does not have the permission required to call the API. | 97| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 98 99**Example** 100 101```ts 102import { Want } from '@kit.AbilityKit'; 103let wantTemp: Want = { 104 bundleName: 'bundleName', 105 abilityName: 'abilityName', 106}; 107 108try { 109 let result: boolean = restrictions.getDisallowedPolicy(wantTemp, 'printer'); 110 console.info(`Succeeded in querying is the printing function disabled : ${result}`); 111} catch (err) { 112 console.error(`Failed to set printer disabled. Code is ${err.code}, message is ${err.message}`); 113} 114``` 115 116## restrictions.setDisallowedPolicyForAccount<sup>14+</sup> 117 118setDisallowedPolicyForAccount(admin: Want, feature: string, disallow: boolean, accountId: number): void 119 120Allows or disallows a feature for a user. 121 122**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS 123 124**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 125 126**Parameters** 127 128| Name | Type | Mandatory| Description | 129| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | 130| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 131| feature | string | Yes | Feature to set.<br>- **fingerprint**: fingerprint authentication capability of the device.| 132| disallow | boolean | Yes | Whether to disallow the feature. The value **true** means to disallow the feature; the value **false** means the opposite. | 133| accountId | number | Yes | User ID, which must be greater than or equal to 0. | 134 135**Error codes** 136 137For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 138 139| ID| Error Message | 140| -------- | ------------------------------------------------------------ | 141| 9200001 | The application is not an administrator application of the device. | 142| 9200002 | The administrator application does not have permission to manage the device. | 143| 9200010 | A conflict policy has been configured. | 144| 201 | Permission verification failed. The application does not have the permission required to call the API. | 145| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 146 147**Example** 148 149```ts 150import { Want } from '@kit.AbilityKit'; 151let wantTemp: Want = { 152 bundleName: 'bundleName', 153 abilityName: 'abilityName', 154}; 155 156try { 157 restrictions.setDisallowedPolicyForAccount(wantTemp, 'fingerprint', true, 100); 158 console.info('Succeeded in setting fingerprint disabled'); 159} catch (err) { 160 console.error(`Failed to set fingerprint disabled. Code is ${err.code}, message is ${err.message}`); 161} 162``` 163 164## restrictions.getDisallowedPolicyForAccount<sup>14+</sup> 165 166getDisallowedPolicyForAccount(admin: Want, feature: string, accountId: number): boolean 167 168Obtains the feature status for a user. 169 170**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS 171 172**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 173 174**Parameters** 175 176| Name | Type | Mandatory| Description | 177| ------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | 178| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 179| feature | string | Yes | Feature whose status is to be obtained.<br>- **fingerprint**: fingerprint authentication capability of the device.| 180| accountId | number | Yes | User ID, which must be greater than or equal to 0. | 181 182**Return value** 183 184| Type | Description | 185| ------- | ------------------------------------------------------------ | 186| boolean | Returns **true** if the specified feature is disabled; returns **false** otherwise.| 187 188**Error codes** 189 190For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 191 192| ID| Error Message | 193| -------- | ------------------------------------------------------------ | 194| 9200001 | The application is not an administrator application of the device. | 195| 9200002 | The administrator application does not have permission to manage the device. | 196| 201 | Permission verification failed. The application does not have the permission required to call the API. | 197| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 198 199**Example** 200 201```ts 202import { Want } from '@kit.AbilityKit'; 203let wantTemp: Want = { 204 bundleName: 'bundleName', 205 abilityName: 'abilityName', 206}; 207 208try { 209 let result: boolean = restrictions.getDisallowedPolicyForAccount(wantTemp, 'fingerprint', 100); 210 console.info(`Succeeded in querying is the fingerprint function disabled : ${result}`); 211} catch (err) { 212 console.error(`Failed to set fingerprint disabled. Code is ${err.code}, message is ${err.message}`); 213} 214``` 215 216## restrictions.addDisallowedListForAccount<sup>14+</sup> 217 218addDisallowedListForAccount(admin: Want, feature: string, list: Array\<string>, accountId: number): void 219 220Adds a disallowed feature list for a user. 221 222**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS 223 224**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 225 226**Parameters** 227 228| Name | Type | Mandatory| Description | 229| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | 230| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 231| feature | string | Yes | Feature name.<br>- **snapshotSkip**: skips the screen snapshots.| 232| list | Array\<string> | Yes | List of content such as the bundle names. | 233| accountId | number | Yes | User ID, which must be greater than or equal to 0. | 234 235**Error codes** 236 237For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 238 239| ID| Error Message | 240| -------- | ------------------------------------------------------------ | 241| 9200001 | The application is not an administrator application of the device. | 242| 9200002 | The administrator application does not have permission to manage the device. | | 243| 201 | Permission verification failed. The application does not have the permission required to call the API. | 244| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 245 246**Example** 247 248```ts 249import { Want } from '@kit.AbilityKit'; 250let wantTemp: Want = { 251 bundleName: 'bundleName', 252 abilityName: 'abilityName', 253}; 254let valueList:Array<string> = ["com.xx.aa.", "com.xx.bb"]; 255try { 256 restrictions.addDisallowedListForAccount(wantTemp, 'snapshotSkip', valueList, 100); 257 console.info('Succeeded in adding disallowed snapshotSkip feature'); 258} catch (err) { 259 console.error(`Failed to add disallowed snapshotSkip feature. Code is ${err.code}, message is ${err.message}`); 260} 261``` 262 263## restrictions.removeDisallowedListForAccount<sup>14+</sup> 264 265removeDisallowedListForAccount(admin: Want, feature: string, list: Array\<string>, accountId: number): void 266 267Removes a disallowed feature list for a user. 268 269**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS 270 271**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 272 273**Parameters** 274 275| Name | Type | Mandatory| Description | 276| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | 277| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 278| feature | string | Yes | Feature name.<br>- **snapshotSkip**: skips the screen snapshots.| 279| list | Array\<string> | Yes | List of content such as the bundle names. | 280| accountId | number | Yes | User ID, which must be greater than or equal to 0. | 281 282**Error codes** 283 284For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 285 286| ID| Error Message | 287| -------- | ------------------------------------------------------------ | 288| 9200001 | The application is not an administrator application of the device. | 289| 9200002 | The administrator application does not have permission to manage the device. | | 290| 201 | Permission verification failed. The application does not have the permission required to call the API. | 291| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 292 293**Example** 294 295```ts 296import { Want } from '@kit.AbilityKit'; 297let wantTemp: Want = { 298 bundleName: 'bundleName', 299 abilityName: 'abilityName', 300}; 301let valueList:Array<string> = ["com.xx.aa.", "com.xx.bb"]; 302try { 303 restrictions.removeDisallowedListForAccount(wantTemp, 'snapshotSkip', valueList, 100); 304 console.info('Succeeded in removing disallowed snapshotSkip feature'); 305} catch (err) { 306 console.error(`Failed to remove disallowed snapshotSkip feature. Code is ${err.code}, message is ${err.message}`); 307} 308``` 309 310## restrictions.getDisallowedListForAccount<sup>14+</sup> 311 312getDisallowedListForAccount(admin: Want, feature: string, accountId: number): Array\<string> 313 314Obtains the disallowed feature list of a user. 315 316**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS 317 318**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 319 320**Parameters** 321 322| Name | Type | Mandatory| Description | 323| ------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | 324| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 325| feature | string | Yes | Feature name.<br>- **snapshotSkip**: skips the screen snapshots.| 326| accountId | number | Yes | User ID, which must be greater than or equal to 0. | 327 328**Return value** 329 330| Type | Description | 331| ------- | ------------------------------------------------------------ | 332| Array\<string> | Disallowed feature list obtained.| 333 334**Error codes** 335 336For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 337 338| ID| Error Message | 339| -------- | ------------------------------------------------------------ | 340| 9200001 | The application is not an administrator application of the device. | 341| 9200002 | The administrator application does not have permission to manage the device. | 342| 201 | Permission verification failed. The application does not have the permission required to call the API. | 343| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 344 345**Example** 346 347```ts 348import { Want } from '@kit.AbilityKit'; 349let wantTemp: Want = { 350 bundleName: 'bundleName', 351 abilityName: 'abilityName', 352}; 353 354try { 355 let result: Array<string> = restrictions.getDisallowedListForAccount(wantTemp, 'snapshotSkip', 100); 356 console.info('Succeeded in querying disallowed list for account'); 357} catch (err) { 358 console.error(`Failed to query disallowed list for account. Code is ${err.code}, message is ${err.message}`); 359} 360``` 361