1# Access Token Manager
2
3Access Token Manager (atm) is a tool used to query<!--Del--> and set<!--DelEnd--> the information such as permission and usage type of an application process. It provides the capability of access control based on the token ID, bundle name, and process name.
4
5## Environment Setup
6Before using this tool, you must obtain [hdc](../dfx/hdc.md) and run the **hdc shell** command.
7
8## Commands
9
10| Command               | Description|
11| ------------------- | -----------|
12| help                | Displays the commands supported by the atm tool.|
13| <!--DelRow-->perm   | Grants or revokes a permission for an application process.|
14| <!--DelRow-->toggle | Sets or obtains the toggle state of a permission.|
15| dump                | Obtains access control data.|
16
17## help
18
19```bash
20# Display the help information.
21atm help
22```
23
24
25<!--Del-->
26
27## perm
28```bash
29atm perm [-h] [-g -i <token-id> -p <permission-name>] [-c -i <token-id> -p <permission-name>]
30```
31
32**Parameters of the perm command**
33| Parameter                                              | Description                 |
34| -------------------------------------------------- | ---------------------- |
35| -h                                        | Displays help information.| Commands supported by the **atm perm** command.|
36| -g&nbsp;-i \<token-id\>&nbsp;-p \<permission-name\> | Grants a specified permission to an application based on the token ID of the application process. The **-g**, **-i**, and **-p** parameters are mandatory. The return value indicates whether the operation is successful.   |
37| -c&nbsp;-i \<token-id\>&nbsp;-p \<permission-name\> | Cancels a specified permission for an application based on the token ID of the application process. The **-c**, **-i**, and **-p** parameters are mandatory. The return value indicates whether the operation is successful.   |
38
39Example:
40
41```bash
42# Display the help information about the atm perm command.
43atm perm -h
44
45# Grant the camera permission to an application process.
46atm perm -g -i ********* -p ohos.permission.CAMERA
47
48# Revoke the camera permission for an application process.
49atm perm -c -i ********* -p ohos.permission.CAMERA
50```
51
52
53## toggle
54
55```bash
56atm toggle [-h] [-s -u <user-id> -p <permission-name> -k <status>] [-o -u <user-id> -p <permission-name>]
57```
58**Parameters of the toggle command**
59
60| Parameter                                                          | Description                               |
61| ----------------------------------------------------------------- | ----------------------------------- |
62| -h                                                     | Displays help information.             |
63| -s&nbsp;-u \<user-id\>&nbsp;-p \<permission-name\>&nbsp;-k \<status\> | Sets the toggle state (specified by status) of a specified permission of a specified user. The **-c**, **-i**, **-p** and **-k** parameters are mandatory. The return value indicates whether the operation is successful.|
64| -o&nbsp;-u \<user-id\>&nbsp;-p \<permission-name\> | Obtains the toggle state of a specified permission for a specified user. The **-o**, **-u**, and **-p** parameters are mandatory.|
65
66Example:
67
68```bash
69# Display the help information about the atm toggle command.
70atm toggle -h
71
72# Enable the camera permission for user 0.
73atm toggle -s -u 0 -p ohos.permission.CAMERA -k 1
74
75# Obtain the toggle state of the camera permission for user 0.
76atm toggle -o -u 0 -p ohos.permission.CAMERA
77```
78
79<!--DelEnd-->
80
81
82## dump
83
84<!--RP1-->
85```bash
86atm dump [-h] [-t [-i <token-id>] [-b <bundle-name>] [-n <process-name>]] [-r [-i <token-id>] [-p <permission-name>]] [-v [-i <token-id>] [-p <permission-name>]]
87```
88<!--RP1End-->
89
90In the following commands, the **-t**, <!--Del-->**-r** <!--DelEnd-->and **-v** parameters are mandatory, and the *-i*, *-b*, *-n* and *-p* parameters are optional. For <!--Del-->**atm dump -r** and <!--DelEnd-->**atm dump -v**, the *-i* and *-p* parameters can be used together. For **atm dump -t**, the *-i*, *-b*, and *-n* parameters can only be used independently.
91
92| Parameter                                         | Description                                                |
93| ----------------------------------------------- | ---------------------------------------------------- |
94| -h                                     | Displays help information.                             |
95| -t                                     | Dumps information about all application processes in the system. This parameter is mandatory.                            |
96| -t&nbsp;-i \<token-id\>                     | Dumps the permission information of an application based on the token ID of the application process. This parameter is optional.            |
97| -t&nbsp;-b \<bundle-name\>                  |  Dumps the permission information of an application based on the bundle name of the application process. This parameter is optional.    |
98| -t&nbsp;-n \<process-name\>                 |  Dumps the permission information of an application based on the process name of the application process. This parameter is optional. |
99| <!--DelRow-->-r                        |  Dumps all permission usage records in the system. This parameter is mandatory.                          |
100| <!--DelRow-->-r&nbsp;-i \<token-id\>        | Dumps the permission usage records of an application based on the token ID of the application process. This parameter is optional.       |
101| <!--DelRow-->-r&nbsp;-p \<permission-name\> | Dumps the usage records of a permission with the specified permission name. This parameter is optional.                       |
102| -v                                     | Dumps the permission usage types of all application processes in the system. This parameter is mandatory.                   |
103| -v&nbsp;-i \<token-id\>                     | Dumps the permission usage types of an application based on the token ID of the application process. This parameter is optional.        |
104| -v&nbsp;-p \<permission-name\>              | Dumps the usage types of a permission with the specified permission name. This parameter is optional.                       |
105
106Example:
107
108```bash
109#Display the help information about the atm dump command.
110atm dump -h
111
112#Dump the token IDs and bundle names of all application processes in the system.
113atm dump -t
114
115#Dump the permission information based on the token ID.
116atm dump -t -i *********
117
118#Dump the permission information based on the bundle name.
119atm dump -t -b ohos.telephony.resources
120
121#Dump the permission information based on the process name.
122atm dump -t -n *********
123
124#Dump the permission types of all applications.
125atm dump -v
126
127#Dump the permission usage types based on the token ID.
128atm dump -v -i *********
129
130#Dump the permission usage types based on the permission name.
131atm dump -v -p ohos.permission.CAMERA
132
133#Dump the permission usage types based on the token ID and permission name.
134atm dump -v -i ********* -p ohos.permission.CAMERA
135```
136
137<!--Del-->
138```bash
139#Dump all permission usage records in the system.
140atm dump -r
141
142#Dump the permission usage records based on the token ID.
143atm dump -r -i *********
144
145#Dump the permission usage records based on the permission name.
146atm dump -r -p ohos.permission.CAMERA
147
148#Dump the permission usage records based on the token ID and permission name.
149atm dump -r -i ********* -p ohos.permission.CAMERA
150```
151<!--DelEnd-->
152