1e41f4b71Sopenharmony_ci# DataAbility Permission Control 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ci 4e41f4b71Sopenharmony_ciThe DataAbility uses permission control to determine whether an ability can access the data service it provides. There are static and dynamic permission controls. 5e41f4b71Sopenharmony_ci 6e41f4b71Sopenharmony_ci 7e41f4b71Sopenharmony_ci## Static Permission Control 8e41f4b71Sopenharmony_ci 9e41f4b71Sopenharmony_ciThe DataAbility functions as the server. When being started, the DataAbility verifies the client permissions against the settings of the optional fields **readPermission**, **writePermission**, and **Permission** fields in the **config.json** file. The following is an example: 10e41f4b71Sopenharmony_ci 11e41f4b71Sopenharmony_ci 12e41f4b71Sopenharmony_ci```json 13e41f4b71Sopenharmony_ci"abilities": [ 14e41f4b71Sopenharmony_ci ... 15e41f4b71Sopenharmony_ci { 16e41f4b71Sopenharmony_ci "name": ".DataAbility", 17e41f4b71Sopenharmony_ci "srcLanguage": "ets", 18e41f4b71Sopenharmony_ci "srcPath": "DataAbility", 19e41f4b71Sopenharmony_ci "icon": "$media:icon", 20e41f4b71Sopenharmony_ci "description": "$string:DataAbility_desc", 21e41f4b71Sopenharmony_ci "type": "data", 22e41f4b71Sopenharmony_ci "visible": true, 23e41f4b71Sopenharmony_ci "uri": "dataability://com.samples.famodelabilitydevelop.DataAbility", 24e41f4b71Sopenharmony_ci "readPermission": "ohos.permission.READ_CONTACTS", 25e41f4b71Sopenharmony_ci "writePermission": "ohos.permission.WRITE_CONTACTS" 26e41f4b71Sopenharmony_ci }, 27e41f4b71Sopenharmony_ci ... 28e41f4b71Sopenharmony_ci] 29e41f4b71Sopenharmony_ci``` 30e41f4b71Sopenharmony_ci 31e41f4b71Sopenharmony_ciThe client permission is configured in **reqPermissions** under **module** in the **config.json** file. The following is an example: 32e41f4b71Sopenharmony_ci 33e41f4b71Sopenharmony_ci 34e41f4b71Sopenharmony_ci```json 35e41f4b71Sopenharmony_ci{ 36e41f4b71Sopenharmony_ci ... 37e41f4b71Sopenharmony_ci "module": { 38e41f4b71Sopenharmony_ci ... 39e41f4b71Sopenharmony_ci "reqPermissions": [ 40e41f4b71Sopenharmony_ci { 41e41f4b71Sopenharmony_ci "name": "ohos.permission.READ_CONTACTS" 42e41f4b71Sopenharmony_ci }, 43e41f4b71Sopenharmony_ci { 44e41f4b71Sopenharmony_ci "name": "ohos.permission.WRITE_CONTACTS" 45e41f4b71Sopenharmony_ci }, 46e41f4b71Sopenharmony_ci ... 47e41f4b71Sopenharmony_ci ], 48e41f4b71Sopenharmony_ci ... 49e41f4b71Sopenharmony_ci } 50e41f4b71Sopenharmony_ci} 51e41f4b71Sopenharmony_ci``` 52e41f4b71Sopenharmony_ci 53e41f4b71Sopenharmony_ci 54e41f4b71Sopenharmony_ci## Dynamic Permission Control 55e41f4b71Sopenharmony_ci 56e41f4b71Sopenharmony_ciStatic permission control determines whether a DataAbility can be started by another ability or application. It does not verify the permission of each read/write interface. 57e41f4b71Sopenharmony_ci 58e41f4b71Sopenharmony_ciDynamic permission control verifies whether the client has the corresponding permission for every read/write interface. The table below lists the permissions required for calling these interfaces. 59e41f4b71Sopenharmony_ci 60e41f4b71Sopenharmony_ci**Table 1** Permission configuration for data read/write interfaces 61e41f4b71Sopenharmony_ci 62e41f4b71Sopenharmony_ci| Interface with the Read Permission| Interface with the Write Permission| Interface with the Read/Write Permission Based on Actual Requirements| 63e41f4b71Sopenharmony_ci| -------- | -------- | -------- | 64e41f4b71Sopenharmony_ci| query, normalizeUri, denormalizeUri, openfile (with **mode** set to **'r'**)| insert, batchInsert, delete, update, openfile (with **mode** set to **'w'**)| executeBatch | 65e41f4b71Sopenharmony_ci 66e41f4b71Sopenharmony_ciFor interfaces that require the read permission, the server must have **readPermission** specified, and the client must obtain the read permission before calling them. 67e41f4b71Sopenharmony_ci 68e41f4b71Sopenharmony_ciFor interfaces that require the write permission, the server must have **writePermission** specified, and the client must obtain the write permission before calling them. 69