1# @ohos.enterprise.restrictions (Restrictions)
2
3This **restrictions** module provides APIs for disallowing general features of devices. You can globally disable or enable the features such as Bluetooth, HDC, USB, and Wi-Fi.
4
5> **NOTE**
6>
7> The initial APIs of this module are supported since API version 12. Newly added APIs will be marked with a superscript to indicate their earliest API version.
8>
9> The APIs of this module can be used only in the stage model.
10>
11> The APIs of this module can be called only by a [device administrator application](../../mdm/mdm-kit-guide.md#introduction) that is enabled.
12
13## Modules to Import
14
15```ts
16import { restrictions } from '@kit.MDMKit';
17```
18
19## restrictions.setDisallowedPolicy
20
21setDisallowedPolicy(admin: Want, feature: string, disallow: boolean): void
22
23Disallows a feature.
24
25**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
26
27**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
28
29**Parameters**
30
31| Name  | Type                                                   | Mandatory| Description                                                        |
32| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
33| admin    | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes  | Device administrator application.                                              |
34| feature  | string                                                  | Yes  | Feature to set.<br>- **bluetooth**: Bluetooth capability of the device.<br>- **modifyDateTime**: capability of modifying the system time. Currently, this feature is available only for 2-in-1 devices.<br>- **printer**: printing capability. Currently, this feature is available only for 2-in-1 devices.<br>- **hdc**: OpenHarmony Device Connector (hdc).<br>- **microphone**: microphone capability of the device.<br>- **fingerprint**: fingerprint authentication capability of the device.<br>- **usb**: USB capability of the device. After this feature is disabled, USB devices cannot be used.<br>- **wifi**: Wi-Fi capability of the device.<br>- **tethering**<sup>14+</sup>: network sharing capability.<br>- **inactiveUserFreeze**<sup>14+</sup>: capability of freezing inactive users. When the system switches to the enterprise space user, the personal space users are inactive users.<!--RP1--><!--RP1End--> |
35| disallow | boolean                                                 | Yes  | Whether to disallow the feature. The value **true** means to disallow the feature; the value **false** means the opposite.                       |
36
37**Error codes**
38
39For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
40
41| ID| Error Message                                                    |
42| -------- | ------------------------------------------------------------ |
43| 9200001  | The application is not an administrator application of the device. |
44| 9200002  | The administrator application does not have permission to manage the device. |
45| 201      | Permission verification failed. The application does not have the permission required to call the API. |
46| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
47
48**Example**
49
50```ts
51import { Want } from '@kit.AbilityKit';
52let wantTemp: Want = {
53  bundleName: 'bundleName',
54  abilityName: 'abilityName',
55};
56
57try {
58  restrictions.setDisallowedPolicy(wantTemp, 'printer', true);
59  console.info('Succeeded in setting printer disabled');
60} catch (err) {
61  console.error(`Failed to set printer disabled. Code is ${err.code}, message is ${err.message}`);
62}
63```
64
65## restrictions.getDisallowedPolicy
66
67getDisallowedPolicy(admin: Want, feature: string): boolean
68
69Obtains the status of a feature.
70
71**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
72
73**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
74
75**Parameters**
76
77| Name | Type                                                   | Mandatory| Description                                                        |
78| ------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
79| admin   | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes  | Device administrator application.                                              |
80| feature | string                                                  | Yes  | Name of the feature, whose status is to be obtained.<br>- **bluetooth**: Bluetooth capability of the device.<br>- **modifyDateTime**: capability of modifying the system time. Currently, this feature is available only for 2-in-1 devices.<br>- **printer**: printing capability. Currently, this feature is available only for 2-in-1 devices.<br>- **hdc**: OpenHarmony Device Connector (hdc).<br>- **microphone**: microphone capability of the device.<br>- **fingerprint**: fingerprint authentication capability of the device.<br>- **usb**: USB capability of the device. After this feature is disabled, USB devices cannot be used.<br>- **wifi**: Wi-Fi capability of the device.<br>- **tethering**<sup>14+</sup>: network sharing capability.<br>- **inactiveUserFreeze**<sup>14+</sup>: capability of freezing inactive users. Currently, this feature is available only for 2-in-1 devices. When the system switches to the enterprise space user, the personal space users are inactive users.<!--RP2--><!--RP2End--> |
81
82**Return value**
83
84| Type   | Description                                                        |
85| ------- | ------------------------------------------------------------ |
86| boolean | Returns **true** if the feature is disallowed; returns **false** otherwise.|
87
88**Error codes**
89
90For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
91
92| ID| Error Message                                                    |
93| -------- | ------------------------------------------------------------ |
94| 9200001  | The application is not an administrator application of the device. |
95| 9200002  | The administrator application does not have permission to manage the device. |
96| 201      | Permission verification failed. The application does not have the permission required to call the API. |
97| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
98
99**Example**
100
101```ts
102import { Want } from '@kit.AbilityKit';
103let wantTemp: Want = {
104  bundleName: 'bundleName',
105  abilityName: 'abilityName',
106};
107
108try {
109  let result: boolean = restrictions.getDisallowedPolicy(wantTemp, 'printer');
110  console.info(`Succeeded in querying is the printing function disabled : ${result}`);
111} catch (err) {
112  console.error(`Failed to set printer disabled. Code is ${err.code}, message is ${err.message}`);
113}
114```
115
116## restrictions.setDisallowedPolicyForAccount<sup>14+</sup>
117
118setDisallowedPolicyForAccount(admin: Want, feature: string, disallow: boolean, accountId: number): void
119
120Allows or disallows a feature for a user.
121
122**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
123
124**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
125
126**Parameters**
127
128| Name  | Type                                                   | Mandatory| Description                                                        |
129| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
130| admin    | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes  | Device administrator application.                                              |
131| feature  | string                                                  | Yes  | Feature to set.<br>- **fingerprint**: fingerprint authentication capability of the device.|
132| disallow | boolean                                                 | Yes  | Whether to disallow the feature. The value **true** means to disallow the feature; the value **false** means the opposite.                       |
133| accountId | number                                                 | Yes  | User ID, which must be greater than or equal to 0.                    |
134
135**Error codes**
136
137For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
138
139| ID| Error Message                                                    |
140| -------- | ------------------------------------------------------------ |
141| 9200001  | The application is not an administrator application of the device. |
142| 9200002  | The administrator application does not have permission to manage the device. |
143| 9200010  | A conflict policy has been configured.                       |
144| 201      | Permission verification failed. The application does not have the permission required to call the API. |
145| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
146
147**Example**
148
149```ts
150import { Want } from '@kit.AbilityKit';
151let wantTemp: Want = {
152  bundleName: 'bundleName',
153  abilityName: 'abilityName',
154};
155
156try {
157  restrictions.setDisallowedPolicyForAccount(wantTemp, 'fingerprint', true, 100);
158  console.info('Succeeded in setting fingerprint disabled');
159} catch (err) {
160  console.error(`Failed to set fingerprint disabled. Code is ${err.code}, message is ${err.message}`);
161}
162```
163
164## restrictions.getDisallowedPolicyForAccount<sup>14+</sup>
165
166getDisallowedPolicyForAccount(admin: Want, feature: string, accountId: number): boolean
167
168Obtains the feature status for a user.
169
170**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
171
172**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
173
174**Parameters**
175
176| Name | Type                                                   | Mandatory| Description                                                        |
177| ------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
178| admin   | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes  | Device administrator application.                                              |
179| feature | string                                                  | Yes  | Feature whose status is to be obtained.<br>- **fingerprint**: fingerprint authentication capability of the device.|
180| accountId | number                                                 | Yes  | User ID, which must be greater than or equal to 0.                    |
181
182**Return value**
183
184| Type   | Description                                                        |
185| ------- | ------------------------------------------------------------ |
186| boolean | Returns **true** if the specified feature is disabled; returns **false** otherwise.|
187
188**Error codes**
189
190For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
191
192| ID| Error Message                                                    |
193| -------- | ------------------------------------------------------------ |
194| 9200001  | The application is not an administrator application of the device. |
195| 9200002  | The administrator application does not have permission to manage the device. |
196| 201      | Permission verification failed. The application does not have the permission required to call the API. |
197| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
198
199**Example**
200
201```ts
202import { Want } from '@kit.AbilityKit';
203let wantTemp: Want = {
204  bundleName: 'bundleName',
205  abilityName: 'abilityName',
206};
207
208try {
209  let result: boolean = restrictions.getDisallowedPolicyForAccount(wantTemp, 'fingerprint', 100);
210  console.info(`Succeeded in querying is the fingerprint function disabled : ${result}`);
211} catch (err) {
212  console.error(`Failed to set fingerprint disabled. Code is ${err.code}, message is ${err.message}`);
213}
214```
215
216## restrictions.addDisallowedListForAccount<sup>14+</sup>
217
218addDisallowedListForAccount(admin: Want, feature: string, list: Array\<string>, accountId: number): void
219
220Adds a disallowed feature list for a user.
221
222**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
223
224**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
225
226**Parameters**
227
228| Name  | Type                                                   | Mandatory| Description                                                        |
229| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
230| admin    | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes  | Device administrator application.                                              |
231| feature  | string                                                  | Yes  | Feature name.<br>- **snapshotSkip**: skips the screen snapshots.|
232| list | Array\<string>                                                 | Yes  | List of content such as the bundle names.                     |
233| accountId | number                                                 | Yes  | User ID, which must be greater than or equal to 0.                    |
234
235**Error codes**
236
237For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
238
239| ID| Error Message                                                    |
240| -------- | ------------------------------------------------------------ |
241| 9200001  | The application is not an administrator application of the device. |
242| 9200002  | The administrator application does not have permission to manage the device. |                   |
243| 201      | Permission verification failed. The application does not have the permission required to call the API. |
244| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
245
246**Example**
247
248```ts
249import { Want } from '@kit.AbilityKit';
250let wantTemp: Want = {
251  bundleName: 'bundleName',
252  abilityName: 'abilityName',
253};
254let valueList:Array<string> = ["com.xx.aa.", "com.xx.bb"];
255try {
256  restrictions.addDisallowedListForAccount(wantTemp, 'snapshotSkip', valueList, 100);
257  console.info('Succeeded in adding disallowed snapshotSkip feature');
258} catch (err) {
259  console.error(`Failed to add disallowed snapshotSkip feature. Code is ${err.code}, message is ${err.message}`);
260}
261```
262
263## restrictions.removeDisallowedListForAccount<sup>14+</sup>
264
265removeDisallowedListForAccount(admin: Want, feature: string, list: Array\<string>, accountId: number): void
266
267Removes a disallowed feature list for a user.
268
269**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
270
271**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
272
273**Parameters**
274
275| Name  | Type                                                   | Mandatory| Description                                                        |
276| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
277| admin    | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes  | Device administrator application.                                              |
278| feature  | string                                                  | Yes  | Feature name.<br>- **snapshotSkip**: skips the screen snapshots.|
279| list | Array\<string>                                                 | Yes  | List of content such as the bundle names.                      |
280| accountId | number                                                 | Yes  | User ID, which must be greater than or equal to 0.                    |
281
282**Error codes**
283
284For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
285
286| ID| Error Message                                                    |
287| -------- | ------------------------------------------------------------ |
288| 9200001  | The application is not an administrator application of the device. |
289| 9200002  | The administrator application does not have permission to manage the device. |                    |
290| 201      | Permission verification failed. The application does not have the permission required to call the API. |
291| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
292
293**Example**
294
295```ts
296import { Want } from '@kit.AbilityKit';
297let wantTemp: Want = {
298  bundleName: 'bundleName',
299  abilityName: 'abilityName',
300};
301let valueList:Array<string> = ["com.xx.aa.", "com.xx.bb"];
302try {
303  restrictions.removeDisallowedListForAccount(wantTemp, 'snapshotSkip', valueList, 100);
304  console.info('Succeeded in removing disallowed snapshotSkip feature');
305} catch (err) {
306  console.error(`Failed to remove disallowed snapshotSkip feature. Code is ${err.code}, message is ${err.message}`);
307}
308```
309
310## restrictions.getDisallowedListForAccount<sup>14+</sup>
311
312getDisallowedListForAccount(admin: Want, feature: string, accountId: number): Array\<string>
313
314Obtains the disallowed feature list of a user.
315
316**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
317
318**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
319
320**Parameters**
321
322| Name | Type                                                   | Mandatory| Description                                                        |
323| ------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
324| admin   | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes  | Device administrator application.                                              |
325| feature | string                                                  | Yes  | Feature name.<br>- **snapshotSkip**: skips the screen snapshots.|
326| accountId | number                                                 | Yes  | User ID, which must be greater than or equal to 0.                    |
327
328**Return value**
329
330| Type   | Description                                                        |
331| ------- | ------------------------------------------------------------ |
332| Array\<string> | Disallowed feature list obtained.|
333
334**Error codes**
335
336For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
337
338| ID| Error Message                                                    |
339| -------- | ------------------------------------------------------------ |
340| 9200001  | The application is not an administrator application of the device. |
341| 9200002  | The administrator application does not have permission to manage the device. |
342| 201      | Permission verification failed. The application does not have the permission required to call the API. |
343| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
344
345**Example**
346
347```ts
348import { Want } from '@kit.AbilityKit';
349let wantTemp: Want = {
350  bundleName: 'bundleName',
351  abilityName: 'abilityName',
352};
353
354try {
355  let result: Array<string> = restrictions.getDisallowedListForAccount(wantTemp, 'snapshotSkip', 100);
356  console.info('Succeeded in querying disallowed list for account');
357} catch (err) {
358  console.error(`Failed to query disallowed list for account. Code is ${err.code}, message is ${err.message}`);
359}
360```
361