1e41f4b71Sopenharmony_ci# @ohos.abilityAccessCtrl (Application Access Control) 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ciThe **abilityAccessCtrl** module provides APIs for application permission management, including authentication, authorization, and revocation. 4e41f4b71Sopenharmony_ci 5e41f4b71Sopenharmony_ci> **NOTE** 6e41f4b71Sopenharmony_ci> The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version. 7e41f4b71Sopenharmony_ci 8e41f4b71Sopenharmony_ci## Modules to Import 9e41f4b71Sopenharmony_ci 10e41f4b71Sopenharmony_ci```ts 11e41f4b71Sopenharmony_ciimport { abilityAccessCtrl } from '@kit.AbilityKit' 12e41f4b71Sopenharmony_ci``` 13e41f4b71Sopenharmony_ci 14e41f4b71Sopenharmony_ci## abilityAccessCtrl.createAtManager 15e41f4b71Sopenharmony_ci 16e41f4b71Sopenharmony_cicreateAtManager(): AtManager 17e41f4b71Sopenharmony_ci 18e41f4b71Sopenharmony_ciCreates an **AtManager** instance, which is used for application access control. 19e41f4b71Sopenharmony_ci 20e41f4b71Sopenharmony_ci**Atomic service API**: This API can be used in atomic services since API version 11. 21e41f4b71Sopenharmony_ci 22e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.AccessToken 23e41f4b71Sopenharmony_ci 24e41f4b71Sopenharmony_ci 25e41f4b71Sopenharmony_ci**Return value** 26e41f4b71Sopenharmony_ci 27e41f4b71Sopenharmony_ci| Type| Description| 28e41f4b71Sopenharmony_ci| -------- | -------- | 29e41f4b71Sopenharmony_ci| [AtManager](#atmanager) | **AtManager** instance created.| 30e41f4b71Sopenharmony_ci 31e41f4b71Sopenharmony_ci**Example** 32e41f4b71Sopenharmony_ci 33e41f4b71Sopenharmony_ci```ts 34e41f4b71Sopenharmony_cilet atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager(); 35e41f4b71Sopenharmony_ci``` 36e41f4b71Sopenharmony_ci 37e41f4b71Sopenharmony_ci## AtManager 38e41f4b71Sopenharmony_ci 39e41f4b71Sopenharmony_ciProvides APIs for application access control. 40e41f4b71Sopenharmony_ci 41e41f4b71Sopenharmony_ci### checkAccessToken<sup>9+</sup> 42e41f4b71Sopenharmony_ci 43e41f4b71Sopenharmony_cicheckAccessToken(tokenID: number, permissionName: Permissions): Promise<GrantStatus> 44e41f4b71Sopenharmony_ci 45e41f4b71Sopenharmony_ciChecks whether a permission is granted to an application. This API uses a promise to return the result. 46e41f4b71Sopenharmony_ci 47e41f4b71Sopenharmony_ci**Atomic service API**: This API can be used in atomic services since API version 11. 48e41f4b71Sopenharmony_ci 49e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.AccessToken 50e41f4b71Sopenharmony_ci 51e41f4b71Sopenharmony_ci**Parameters** 52e41f4b71Sopenharmony_ci 53e41f4b71Sopenharmony_ci| Name | Type | Mandatory| Description | 54e41f4b71Sopenharmony_ci| -------- | ------------------- | ---- | ------------------------------------------ | 55e41f4b71Sopenharmony_ci| tokenID | number | Yes | Application token ID, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 56e41f4b71Sopenharmony_ci| permissionName | Permissions | Yes | Permission to check. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 57e41f4b71Sopenharmony_ci 58e41f4b71Sopenharmony_ci**Return value** 59e41f4b71Sopenharmony_ci 60e41f4b71Sopenharmony_ci| Type | Description | 61e41f4b71Sopenharmony_ci| :------------ | :---------------------------------- | 62e41f4b71Sopenharmony_ci| Promise<[GrantStatus](#grantstatus)> | Promise used to return the permission grant state.| 63e41f4b71Sopenharmony_ci 64e41f4b71Sopenharmony_ci**Error codes** 65e41f4b71Sopenharmony_ci 66e41f4b71Sopenharmony_ciFor details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 67e41f4b71Sopenharmony_ci 68e41f4b71Sopenharmony_ci| ID| Error Message| 69e41f4b71Sopenharmony_ci| -------- | -------- | 70e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 71e41f4b71Sopenharmony_ci| 12100001 | Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. | 72e41f4b71Sopenharmony_ci 73e41f4b71Sopenharmony_ci**Example** 74e41f4b71Sopenharmony_ci 75e41f4b71Sopenharmony_ci```ts 76e41f4b71Sopenharmony_ciimport { abilityAccessCtrl } from '@kit.AbilityKit'; 77e41f4b71Sopenharmony_ciimport { BusinessError } from '@kit.BasicServicesKit'; 78e41f4b71Sopenharmony_ci 79e41f4b71Sopenharmony_cilet atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager(); 80e41f4b71Sopenharmony_cilet tokenID: number = 0; // Use bundleManager.getApplicationInfo() to obtain the token ID for a system application, and use bundleManager.getBundleInfoForSelf() to obtain the token ID for a non-system application. 81e41f4b71Sopenharmony_ciatManager.checkAccessToken(tokenID, 'ohos.permission.GRANT_SENSITIVE_PERMISSIONS').then((data: abilityAccessCtrl.GrantStatus) => { 82e41f4b71Sopenharmony_ci console.log(`checkAccessToken success, data->${JSON.stringify(data)}`); 83e41f4b71Sopenharmony_ci}).catch((err: BusinessError) => { 84e41f4b71Sopenharmony_ci console.error(`checkAccessToken fail, err->${JSON.stringify(err)}`); 85e41f4b71Sopenharmony_ci}); 86e41f4b71Sopenharmony_ci``` 87e41f4b71Sopenharmony_ci 88e41f4b71Sopenharmony_ci### verifyAccessTokenSync<sup>9+</sup> 89e41f4b71Sopenharmony_ci 90e41f4b71Sopenharmony_civerifyAccessTokenSync(tokenID: number, permissionName: Permissions): GrantStatus 91e41f4b71Sopenharmony_ci 92e41f4b71Sopenharmony_ciVerifies whether a permission is granted to an application. This API returns the result synchronously. 93e41f4b71Sopenharmony_ci 94e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.AccessToken 95e41f4b71Sopenharmony_ci 96e41f4b71Sopenharmony_ci**Parameters** 97e41f4b71Sopenharmony_ci 98e41f4b71Sopenharmony_ci| Name | Type | Mandatory| Description | 99e41f4b71Sopenharmony_ci| -------- | ------------------- | ---- | ------------------------------------------ | 100e41f4b71Sopenharmony_ci| tokenID | number | Yes | Application token ID, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 101e41f4b71Sopenharmony_ci| permissionName | Permissions | Yes | Permission to verify. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 102e41f4b71Sopenharmony_ci 103e41f4b71Sopenharmony_ci**Return value** 104e41f4b71Sopenharmony_ci 105e41f4b71Sopenharmony_ci| Type | Description | 106e41f4b71Sopenharmony_ci| :------------ | :---------------------------------- | 107e41f4b71Sopenharmony_ci| [GrantStatus](#grantstatus) | Permission grant state.| 108e41f4b71Sopenharmony_ci 109e41f4b71Sopenharmony_ci**Error codes** 110e41f4b71Sopenharmony_ci 111e41f4b71Sopenharmony_ciFor details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 112e41f4b71Sopenharmony_ci 113e41f4b71Sopenharmony_ci| ID| Error Message| 114e41f4b71Sopenharmony_ci| -------- | -------- | 115e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 116e41f4b71Sopenharmony_ci| 12100001 | Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. | 117e41f4b71Sopenharmony_ci 118e41f4b71Sopenharmony_ci**Example** 119e41f4b71Sopenharmony_ci 120e41f4b71Sopenharmony_ci```ts 121e41f4b71Sopenharmony_ciimport { abilityAccessCtrl } from '@kit.AbilityKit'; 122e41f4b71Sopenharmony_ci 123e41f4b71Sopenharmony_cilet atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager(); 124e41f4b71Sopenharmony_cilet tokenID: number = 0; // Use bundleManager.getApplicationInfo() to obtain the token ID for a system application, and use bundleManager.getBundleInfoForSelf() to obtain the token ID for a non-system application. 125e41f4b71Sopenharmony_citry { 126e41f4b71Sopenharmony_ci let data: abilityAccessCtrl.GrantStatus = atManager.verifyAccessTokenSync(tokenID, 'ohos.permission.GRANT_SENSITIVE_PERMISSIONS'); 127e41f4b71Sopenharmony_ci console.log(`data->${JSON.stringify(data)}`); 128e41f4b71Sopenharmony_ci} catch(err) { 129e41f4b71Sopenharmony_ci console.error(`catch err->${JSON.stringify(err)}`); 130e41f4b71Sopenharmony_ci} 131e41f4b71Sopenharmony_ci``` 132e41f4b71Sopenharmony_ci 133e41f4b71Sopenharmony_ci### verifyAccessToken<sup>9+</sup> 134e41f4b71Sopenharmony_ci 135e41f4b71Sopenharmony_civerifyAccessToken(tokenID: number, permissionName: Permissions): Promise<GrantStatus> 136e41f4b71Sopenharmony_ci 137e41f4b71Sopenharmony_ciVerifies whether a permission is granted to an application. This API uses a promise to return the result. 138e41f4b71Sopenharmony_ci 139e41f4b71Sopenharmony_ci> **NOTE** 140e41f4b71Sopenharmony_ci> 141e41f4b71Sopenharmony_ci> You are advised to use [checkAccessToken](#checkaccesstoken9). 142e41f4b71Sopenharmony_ci 143e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.AccessToken 144e41f4b71Sopenharmony_ci 145e41f4b71Sopenharmony_ci**Parameters** 146e41f4b71Sopenharmony_ci 147e41f4b71Sopenharmony_ci| Name | Type | Mandatory| Description | 148e41f4b71Sopenharmony_ci| -------- | ------------------- | ---- | ------------------------------------------ | 149e41f4b71Sopenharmony_ci| tokenID | number | Yes | Application token ID, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 150e41f4b71Sopenharmony_ci| permissionName | Permissions | Yes | Permission to verify. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 151e41f4b71Sopenharmony_ci 152e41f4b71Sopenharmony_ci**Return value** 153e41f4b71Sopenharmony_ci 154e41f4b71Sopenharmony_ci| Type | Description | 155e41f4b71Sopenharmony_ci| :------------ | :---------------------------------- | 156e41f4b71Sopenharmony_ci| Promise<[GrantStatus](#grantstatus)> | Promise used to return the permission grant state.| 157e41f4b71Sopenharmony_ci 158e41f4b71Sopenharmony_ci**Example** 159e41f4b71Sopenharmony_ci 160e41f4b71Sopenharmony_ci```ts 161e41f4b71Sopenharmony_ciimport { abilityAccessCtrl, Permissions } from '@kit.AbilityKit'; 162e41f4b71Sopenharmony_ciimport { BusinessError } from '@kit.BasicServicesKit'; 163e41f4b71Sopenharmony_ci 164e41f4b71Sopenharmony_cilet atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager(); 165e41f4b71Sopenharmony_cilet tokenID: number = 0; // Use bundleManager.getApplicationInfo() to obtain the token ID for a system application, and use bundleManager.getBundleInfoForSelf() to obtain the token ID for a non-system application. 166e41f4b71Sopenharmony_cilet permissionName: Permissions = 'ohos.permission.GRANT_SENSITIVE_PERMISSIONS'; 167e41f4b71Sopenharmony_ciatManager.verifyAccessToken(tokenID, permissionName).then((data: abilityAccessCtrl.GrantStatus) => { 168e41f4b71Sopenharmony_ci console.log(`promise: data->${JSON.stringify(data)}`); 169e41f4b71Sopenharmony_ci}).catch((err: BusinessError) => { 170e41f4b71Sopenharmony_ci console.error(`verifyAccessToken fail, err->${JSON.stringify(err)}`); 171e41f4b71Sopenharmony_ci}); 172e41f4b71Sopenharmony_ci``` 173e41f4b71Sopenharmony_ci 174e41f4b71Sopenharmony_ci### requestPermissionsFromUser<sup>9+</sup> 175e41f4b71Sopenharmony_ci 176e41f4b71Sopenharmony_cirequestPermissionsFromUser(context: Context, permissionList: Array<Permissions>, requestCallback: AsyncCallback<PermissionRequestResult>): void 177e41f4b71Sopenharmony_ci 178e41f4b71Sopenharmony_ciRequests user authorization in a dialog box opened by a <!--RP1-->UIAbility<!--RP1End-->. This API uses an asynchronous callback to return the result. 179e41f4b71Sopenharmony_ci 180e41f4b71Sopenharmony_ciIf the user rejects to grant the permission, the authorization dialog box cannot be displayed again. If required, the user can manually grant the permission on the **Settings** page. 181e41f4b71Sopenharmony_ci 182e41f4b71Sopenharmony_ci> **NOTE** 183e41f4b71Sopenharmony_ci> 184e41f4b71Sopenharmony_ci> Only <!--RP1-->UIAbility<!--RP1End--> is supported. 185e41f4b71Sopenharmony_ci 186e41f4b71Sopenharmony_ci**Atomic service API**: This API can be used in atomic services since API version 12. 187e41f4b71Sopenharmony_ci 188e41f4b71Sopenharmony_ci**Model restriction**: This API can be used only in the stage model. 189e41f4b71Sopenharmony_ci 190e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.AccessToken 191e41f4b71Sopenharmony_ci 192e41f4b71Sopenharmony_ci**Parameters** 193e41f4b71Sopenharmony_ci 194e41f4b71Sopenharmony_ci| Name| Type| Mandatory| Description| 195e41f4b71Sopenharmony_ci| -------- | -------- | -------- | -------- | 196e41f4b71Sopenharmony_ci| context | [Context](js-apis-inner-application-context.md) | Yes| Context of the <!--RP1-->UIAbility<!--RP1End--> that requests the permission.| 197e41f4b71Sopenharmony_ci| permissionList | Array<Permissions> | Yes| Permissions to request. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 198e41f4b71Sopenharmony_ci| requestCallback | AsyncCallback<[PermissionRequestResult](js-apis-permissionrequestresult.md)> | Yes| Callback invoked to return the result.| 199e41f4b71Sopenharmony_ci 200e41f4b71Sopenharmony_ci**Error codes** 201e41f4b71Sopenharmony_ci 202e41f4b71Sopenharmony_ciFor details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 203e41f4b71Sopenharmony_ci 204e41f4b71Sopenharmony_ci| ID| Error Message| 205e41f4b71Sopenharmony_ci| -------- | -------- | 206e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 207e41f4b71Sopenharmony_ci| 12100001 | Invalid parameter. The context is invalid when it does not belong to the application itself. | 208e41f4b71Sopenharmony_ci 209e41f4b71Sopenharmony_ci**Example** 210e41f4b71Sopenharmony_ciFor details about how to obtain the context in the example, see [Obtaining the Context of UIAbility](../../application-models/uiability-usage.md#obtaining-the-context-of-uiability). 211e41f4b71Sopenharmony_ci 212e41f4b71Sopenharmony_ci```ts 213e41f4b71Sopenharmony_ciimport { abilityAccessCtrl, Context, PermissionRequestResult, common } from '@kit.AbilityKit'; 214e41f4b71Sopenharmony_ciimport { BusinessError } from '@kit.BasicServicesKit'; 215e41f4b71Sopenharmony_ci 216e41f4b71Sopenharmony_cilet atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager(); 217e41f4b71Sopenharmony_cilet context: Context = getContext(this) as common.UIAbilityContext; 218e41f4b71Sopenharmony_ciatManager.requestPermissionsFromUser(context, ['ohos.permission.CAMERA'], (err: BusinessError, data: PermissionRequestResult) => { 219e41f4b71Sopenharmony_ci if (err) { 220e41f4b71Sopenharmony_ci console.error(`requestPermissionsFromUser fail, err->${JSON.stringify(err)}`); 221e41f4b71Sopenharmony_ci } else { 222e41f4b71Sopenharmony_ci console.info('data:' + JSON.stringify(data)); 223e41f4b71Sopenharmony_ci console.info('data permissions:' + data.permissions); 224e41f4b71Sopenharmony_ci console.info('data authResults:' + data.authResults); 225e41f4b71Sopenharmony_ci console.info('data dialogShownResults:' + data.dialogShownResults); 226e41f4b71Sopenharmony_ci } 227e41f4b71Sopenharmony_ci}); 228e41f4b71Sopenharmony_ci``` 229e41f4b71Sopenharmony_ci 230e41f4b71Sopenharmony_ci### requestPermissionsFromUser<sup>9+</sup> 231e41f4b71Sopenharmony_ci 232e41f4b71Sopenharmony_cirequestPermissionsFromUser(context: Context, permissionList: Array<Permissions>): Promise<PermissionRequestResult> 233e41f4b71Sopenharmony_ci 234e41f4b71Sopenharmony_ciRequests user authorization in a dialog box opened by a <!--RP1-->UIAbility<!--RP1End-->. This API uses a promise to return the result. 235e41f4b71Sopenharmony_ci 236e41f4b71Sopenharmony_ciIf the user rejects to grant the permission, the authorization dialog box cannot be displayed again. If required, the user can manually grant the permission on the **Settings** page. 237e41f4b71Sopenharmony_ci 238e41f4b71Sopenharmony_ci> **NOTE** 239e41f4b71Sopenharmony_ci> 240e41f4b71Sopenharmony_ci> Only <!--RP1-->UIAbility<!--RP1End--> is supported. 241e41f4b71Sopenharmony_ci 242e41f4b71Sopenharmony_ci**Atomic service API**: This API can be used in atomic services since API version 11. 243e41f4b71Sopenharmony_ci 244e41f4b71Sopenharmony_ci**Model restriction**: This API can be used only in the stage model. 245e41f4b71Sopenharmony_ci 246e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.AccessToken 247e41f4b71Sopenharmony_ci 248e41f4b71Sopenharmony_ci**Parameters** 249e41f4b71Sopenharmony_ci 250e41f4b71Sopenharmony_ci| Name| Type| Mandatory| Description| 251e41f4b71Sopenharmony_ci| -------- | -------- | -------- | -------- | 252e41f4b71Sopenharmony_ci| context | [Context](js-apis-inner-application-context.md) | Yes| Context of the <!--RP1-->UIAbility<!--RP1End--> that requests the permission.| 253e41f4b71Sopenharmony_ci| permissionList | Array<Permissions> | Yes| Permissions to request. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 254e41f4b71Sopenharmony_ci 255e41f4b71Sopenharmony_ci**Return value** 256e41f4b71Sopenharmony_ci 257e41f4b71Sopenharmony_ci| Type| Description| 258e41f4b71Sopenharmony_ci| -------- | -------- | 259e41f4b71Sopenharmony_ci| Promise<[PermissionRequestResult](js-apis-permissionrequestresult.md)> | Promise used to return the result.| 260e41f4b71Sopenharmony_ci 261e41f4b71Sopenharmony_ci**Error codes** 262e41f4b71Sopenharmony_ci 263e41f4b71Sopenharmony_ciFor details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 264e41f4b71Sopenharmony_ci 265e41f4b71Sopenharmony_ci| ID| Error Message| 266e41f4b71Sopenharmony_ci| -------- | -------- | 267e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 268e41f4b71Sopenharmony_ci| 12100001 | Invalid parameter. The context is invalid when it does not belong to the application itself. | 269e41f4b71Sopenharmony_ci 270e41f4b71Sopenharmony_ci**Example** 271e41f4b71Sopenharmony_ciFor details about how to obtain the context in the example, see [Obtaining the Context of UIAbility](../../application-models/uiability-usage.md#obtaining-the-context-of-uiability). 272e41f4b71Sopenharmony_ci 273e41f4b71Sopenharmony_ci```ts 274e41f4b71Sopenharmony_ciimport { abilityAccessCtrl, Context, PermissionRequestResult, common } from '@kit.AbilityKit'; 275e41f4b71Sopenharmony_ciimport { BusinessError } from '@kit.BasicServicesKit'; 276e41f4b71Sopenharmony_ci 277e41f4b71Sopenharmony_cilet atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager(); 278e41f4b71Sopenharmony_cilet context: Context = getContext(this) as common.UIAbilityContext; 279e41f4b71Sopenharmony_ciatManager.requestPermissionsFromUser(context, ['ohos.permission.CAMERA']).then((data: PermissionRequestResult) => { 280e41f4b71Sopenharmony_ci console.info('data:' + JSON.stringify(data)); 281e41f4b71Sopenharmony_ci console.info('data permissions:' + data.permissions); 282e41f4b71Sopenharmony_ci console.info('data authResults:' + data.authResults); 283e41f4b71Sopenharmony_ci console.info('data dialogShownResults:' + data.dialogShownResults); 284e41f4b71Sopenharmony_ci}).catch((err: BusinessError) => { 285e41f4b71Sopenharmony_ci console.error('data:' + JSON.stringify(err)); 286e41f4b71Sopenharmony_ci}); 287e41f4b71Sopenharmony_ci``` 288e41f4b71Sopenharmony_ci 289e41f4b71Sopenharmony_ci### verifyAccessToken<sup>(deprecated)</sup> 290e41f4b71Sopenharmony_ci 291e41f4b71Sopenharmony_civerifyAccessToken(tokenID: number, permissionName: string): Promise<GrantStatus> 292e41f4b71Sopenharmony_ci 293e41f4b71Sopenharmony_ciVerifies whether a permission is granted to an application. This API uses a promise to return the result. 294e41f4b71Sopenharmony_ci 295e41f4b71Sopenharmony_ci> **NOTE** 296e41f4b71Sopenharmony_ci> 297e41f4b71Sopenharmony_ci> This API is no longer maintained since API version 9. Use [checkAccessToken](#checkaccesstoken9) instead. 298e41f4b71Sopenharmony_ci 299e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.AccessToken 300e41f4b71Sopenharmony_ci 301e41f4b71Sopenharmony_ci**Parameters** 302e41f4b71Sopenharmony_ci 303e41f4b71Sopenharmony_ci| Name | Type | Mandatory| Description | 304e41f4b71Sopenharmony_ci| -------- | ------------------- | ---- | ------------------------------------------ | 305e41f4b71Sopenharmony_ci| tokenID | number | Yes | Application token ID, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 306e41f4b71Sopenharmony_ci| permissionName | string | Yes | Permission to verify. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 307e41f4b71Sopenharmony_ci 308e41f4b71Sopenharmony_ci**Return value** 309e41f4b71Sopenharmony_ci 310e41f4b71Sopenharmony_ci| Type | Description | 311e41f4b71Sopenharmony_ci| :------------ | :---------------------------------- | 312e41f4b71Sopenharmony_ci| Promise<[GrantStatus](#grantstatus)> | Promise used to return the permission grant state.| 313e41f4b71Sopenharmony_ci 314e41f4b71Sopenharmony_ci**Example** 315e41f4b71Sopenharmony_ci 316e41f4b71Sopenharmony_ci```ts 317e41f4b71Sopenharmony_ciimport { abilityAccessCtrl } from '@kit.AbilityKit'; 318e41f4b71Sopenharmony_ciimport { BusinessError } from '@kit.BasicServicesKit'; 319e41f4b71Sopenharmony_ci 320e41f4b71Sopenharmony_cilet atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager(); 321e41f4b71Sopenharmony_cilet tokenID: number = 0; // Use bundleManager.getApplicationInfo() to obtain the token ID for a system application, and use bundleManager.getBundleInfoForSelf() to obtain the token ID for a non-system application. 322e41f4b71Sopenharmony_ciatManager.verifyAccessToken(tokenID, 'ohos.permission.GRANT_SENSITIVE_PERMISSIONS').then((data: abilityAccessCtrl.GrantStatus) => { 323e41f4b71Sopenharmony_ci console.log(`promise: data->${JSON.stringify(data)}`); 324e41f4b71Sopenharmony_ci}).catch((err: BusinessError) => { 325e41f4b71Sopenharmony_ci console.error(`verifyAccessToken fail, err->${JSON.stringify(err)}`); 326e41f4b71Sopenharmony_ci}); 327e41f4b71Sopenharmony_ci``` 328e41f4b71Sopenharmony_ci 329e41f4b71Sopenharmony_ci### checkAccessTokenSync<sup>10+</sup> 330e41f4b71Sopenharmony_ci 331e41f4b71Sopenharmony_cicheckAccessTokenSync(tokenID: number, permissionName: Permissions): GrantStatus 332e41f4b71Sopenharmony_ci 333e41f4b71Sopenharmony_ciChecks whether a permission is granted to an application. This API returns the result synchronously. 334e41f4b71Sopenharmony_ci 335e41f4b71Sopenharmony_ci**Atomic service API**: This API can be used in atomic services since API version 11. 336e41f4b71Sopenharmony_ci 337e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.AccessToken 338e41f4b71Sopenharmony_ci 339e41f4b71Sopenharmony_ci**Parameters** 340e41f4b71Sopenharmony_ci 341e41f4b71Sopenharmony_ci| Name | Type | Mandatory| Description | 342e41f4b71Sopenharmony_ci| -------- | ------------------- | ---- | ------------------------------------------ | 343e41f4b71Sopenharmony_ci| tokenID | number | Yes | Application token ID, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 344e41f4b71Sopenharmony_ci| permissionName | Permissions | Yes | Permission to check. For details about the permissions, see [Permissions for All Applications](../../security/AccessToken/permissions-for-all.md).| 345e41f4b71Sopenharmony_ci 346e41f4b71Sopenharmony_ci**Return value** 347e41f4b71Sopenharmony_ci 348e41f4b71Sopenharmony_ci| Type | Description | 349e41f4b71Sopenharmony_ci| :------------ | :---------------------------------- | 350e41f4b71Sopenharmony_ci| [GrantStatus](#grantstatus) | Permission grant state.| 351e41f4b71Sopenharmony_ci 352e41f4b71Sopenharmony_ci**Error codes** 353e41f4b71Sopenharmony_ci 354e41f4b71Sopenharmony_ciFor details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 355e41f4b71Sopenharmony_ci 356e41f4b71Sopenharmony_ci| ID| Error Message| 357e41f4b71Sopenharmony_ci| -------- | -------- | 358e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 359e41f4b71Sopenharmony_ci| 12100001 | Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. | 360e41f4b71Sopenharmony_ci 361e41f4b71Sopenharmony_ci**Example** 362e41f4b71Sopenharmony_ci 363e41f4b71Sopenharmony_ci```ts 364e41f4b71Sopenharmony_ciimport { abilityAccessCtrl, Permissions } from '@kit.AbilityKit'; 365e41f4b71Sopenharmony_ci 366e41f4b71Sopenharmony_cilet atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager(); 367e41f4b71Sopenharmony_cilet tokenID: number = 0; // Use bundleManager.getApplicationInfo() to obtain the token ID for a system application, and use bundleManager.getBundleInfoForSelf() to obtain the token ID for a non-system application. 368e41f4b71Sopenharmony_cilet permissionName: Permissions = 'ohos.permission.GRANT_SENSITIVE_PERMISSIONS'; 369e41f4b71Sopenharmony_cilet data: abilityAccessCtrl.GrantStatus = atManager.checkAccessTokenSync(tokenID, permissionName); 370e41f4b71Sopenharmony_ciconsole.log(`data->${JSON.stringify(data)}`); 371e41f4b71Sopenharmony_ci``` 372e41f4b71Sopenharmony_ci 373e41f4b71Sopenharmony_ci### GrantStatus 374e41f4b71Sopenharmony_ci 375e41f4b71Sopenharmony_ciEnumerates the permission grant states. 376e41f4b71Sopenharmony_ci 377e41f4b71Sopenharmony_ci**Atomic service API**: This API can be used in atomic services since API version 11. 378e41f4b71Sopenharmony_ci 379e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.AccessToken 380e41f4b71Sopenharmony_ci 381e41f4b71Sopenharmony_ci| Name | Value| Description | 382e41f4b71Sopenharmony_ci| ------------------ | ----- | ----------- | 383e41f4b71Sopenharmony_ci| PERMISSION_DENIED | -1 | The permission is not granted.| 384e41f4b71Sopenharmony_ci| PERMISSION_GRANTED | 0 | The permission is granted.| 385e41f4b71Sopenharmony_ci 386e41f4b71Sopenharmony_ci### requestPermissionOnSetting<sup>12+</sup> 387e41f4b71Sopenharmony_ci 388e41f4b71Sopenharmony_cirequestPermissionOnSetting(context: Context, permissionList: Array<Permissions>): Promise<Array<GrantStatus>> 389e41f4b71Sopenharmony_ci 390e41f4b71Sopenharmony_ciRequests permissions in a **Settings** dialog box. This API displays a permission settings dialog box for a UIAbility/UIExtensionAbility to grant permissions the second time. 391e41f4b71Sopenharmony_ci 392e41f4b71Sopenharmony_ciBefore calling this API, the application must have called [requestPermissionsFromUser](#requestpermissionsfromuser9). If the user grants the permissions required when the authorization dialog box is displayed the first time, calling this API will not display the permission settings dialog box. 393e41f4b71Sopenharmony_ci 394e41f4b71Sopenharmony_ci> **NOTE** 395e41f4b71Sopenharmony_ci> 396e41f4b71Sopenharmony_ci> This API supports only UIAbilities/UIExtensionAbilities. 397e41f4b71Sopenharmony_ci 398e41f4b71Sopenharmony_ci**Atomic service API**: This API can be used in atomic services since API version 12. 399e41f4b71Sopenharmony_ci 400e41f4b71Sopenharmony_ci**Model restriction**: This API can be used only in the stage model. 401e41f4b71Sopenharmony_ci 402e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.AccessToken 403e41f4b71Sopenharmony_ci 404e41f4b71Sopenharmony_ci**Parameters** 405e41f4b71Sopenharmony_ci 406e41f4b71Sopenharmony_ci| Name| Type| Mandatory| Description| 407e41f4b71Sopenharmony_ci| -------- | -------- | -------- | -------- | 408e41f4b71Sopenharmony_ci| context | [Context](js-apis-inner-application-context.md) | Yes| Context of the UIAbility/UIExtensionAbility that requests the permissions.| 409e41f4b71Sopenharmony_ci| permissionList | Array<Permissions> | Yes| Permissions to request. For details about the permissions, see [Application Permission Groups](../../security/AccessToken/app-permission-group-list.md).| 410e41f4b71Sopenharmony_ci 411e41f4b71Sopenharmony_ci**Return value** 412e41f4b71Sopenharmony_ci 413e41f4b71Sopenharmony_ci| Type | Description | 414e41f4b71Sopenharmony_ci| :------------ | :---------------------------------- | 415e41f4b71Sopenharmony_ci| Promise<Array<[GrantStatus](#grantstatus)>> | Promise used to return the permission grant state.| 416e41f4b71Sopenharmony_ci 417e41f4b71Sopenharmony_ci**Error codes** 418e41f4b71Sopenharmony_ci 419e41f4b71Sopenharmony_ciFor details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 420e41f4b71Sopenharmony_ci 421e41f4b71Sopenharmony_ci| ID| Error Message| 422e41f4b71Sopenharmony_ci| -------- | -------- | 423e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 424e41f4b71Sopenharmony_ci| 12100001 | Invalid parameter. Possible causes: 1. The context is invalid because it does not belong to the application itself; 2. The permission list contains the permission that is not declared in the module.json file; 3. The permission list is invalid because the permissions in it do not belong to the same permission group. | 425e41f4b71Sopenharmony_ci| 12100010 | The request already exists. | 426e41f4b71Sopenharmony_ci| 12100011 | All permissions in the permission list have been granted. | 427e41f4b71Sopenharmony_ci| 12100012 | The permission list contains the permission that has not been revoked by the user. | 428e41f4b71Sopenharmony_ci 429e41f4b71Sopenharmony_ci**Example** 430e41f4b71Sopenharmony_ciFor details about how to obtain the context in the example, see [Obtaining the Context of UIAbility](../../application-models/uiability-usage.md#obtaining-the-context-of-uiability). 431e41f4b71Sopenharmony_ci 432e41f4b71Sopenharmony_ci```ts 433e41f4b71Sopenharmony_ciimport { abilityAccessCtrl, Context, common } from '@kit.AbilityKit'; 434e41f4b71Sopenharmony_ciimport { BusinessError } from '@kit.BasicServicesKit'; 435e41f4b71Sopenharmony_ci 436e41f4b71Sopenharmony_cilet atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager(); 437e41f4b71Sopenharmony_cilet context: Context = getContext(this) as common.UIAbilityContext; 438e41f4b71Sopenharmony_ciatManager.requestPermissionOnSetting(context, ['ohos.permission.CAMERA']).then((data: Array<abilityAccessCtrl.GrantStatus>) => { 439e41f4b71Sopenharmony_ci console.info('data:' + JSON.stringify(data)); 440e41f4b71Sopenharmony_ci}).catch((err: BusinessError) => { 441e41f4b71Sopenharmony_ci console.error('data:' + JSON.stringify(err)); 442e41f4b71Sopenharmony_ci}); 443e41f4b71Sopenharmony_ci``` 444e41f4b71Sopenharmony_ci 445e41f4b71Sopenharmony_ci### requestGlobalSwitch<sup>12+</sup> 446e41f4b71Sopenharmony_ci 447e41f4b71Sopenharmony_cirequestGlobalSwitch(context: Context, type: SwitchType): Promise<boolean> 448e41f4b71Sopenharmony_ci 449e41f4b71Sopenharmony_ciDisplays a dialog box for setting a global switch. 450e41f4b71Sopenharmony_ci 451e41f4b71Sopenharmony_ciWhen the features such as recording and photographing are disabled, the application can call this API to open the dialog box, asking the user to enable the related features. If the global switch is turned on, no dialog box will be displayed. 452e41f4b71Sopenharmony_ci 453e41f4b71Sopenharmony_ci> **NOTE** 454e41f4b71Sopenharmony_ci> 455e41f4b71Sopenharmony_ci> This API supports only UIAbilities/UIExtensionAbilities. 456e41f4b71Sopenharmony_ci 457e41f4b71Sopenharmony_ci**Atomic service API**: This API can be used in atomic services since API version 12. 458e41f4b71Sopenharmony_ci 459e41f4b71Sopenharmony_ci**Model restriction**: This API can be used only in the stage model. 460e41f4b71Sopenharmony_ci 461e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.AccessToken 462e41f4b71Sopenharmony_ci 463e41f4b71Sopenharmony_ci**Parameters** 464e41f4b71Sopenharmony_ci 465e41f4b71Sopenharmony_ci| Name| Type| Mandatory| Description| 466e41f4b71Sopenharmony_ci| -------- | -------- | -------- | -------- | 467e41f4b71Sopenharmony_ci| context | [Context](js-apis-inner-application-context.md) | Yes| Context of the UIAbility/UIExtensionAbility.| 468e41f4b71Sopenharmony_ci| type | [SwitchType](#switchtype12) | Yes| Type of the global switch.| 469e41f4b71Sopenharmony_ci 470e41f4b71Sopenharmony_ci**Return value** 471e41f4b71Sopenharmony_ci 472e41f4b71Sopenharmony_ci| Type | Description | 473e41f4b71Sopenharmony_ci| :------------ | :---------------------------------- | 474e41f4b71Sopenharmony_ci| Promise<boolean> | Promise used to return the global switch status.| 475e41f4b71Sopenharmony_ci 476e41f4b71Sopenharmony_ci**Error codes** 477e41f4b71Sopenharmony_ci 478e41f4b71Sopenharmony_ciFor details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 479e41f4b71Sopenharmony_ci 480e41f4b71Sopenharmony_ci| ID| Error Message| 481e41f4b71Sopenharmony_ci| -------- | -------- | 482e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types. | 483e41f4b71Sopenharmony_ci| 12100001 | Invalid parameter. Possible causes: 1. The context is invalid because it does not belong to the application itself; 2. The type of global switch is not support. | 484e41f4b71Sopenharmony_ci| 12100010 | The request already exists. | 485e41f4b71Sopenharmony_ci| 12100013 | The specific global switch is already open. | 486e41f4b71Sopenharmony_ci 487e41f4b71Sopenharmony_ci**Example** 488e41f4b71Sopenharmony_ciFor details about how to obtain the context in the example, see [Obtaining the Context of UIAbility](../../application-models/uiability-usage.md#obtaining-the-context-of-uiability). 489e41f4b71Sopenharmony_ci 490e41f4b71Sopenharmony_ci```ts 491e41f4b71Sopenharmony_ciimport { abilityAccessCtrl, Context, common } from '@kit.AbilityKit'; 492e41f4b71Sopenharmony_ciimport { BusinessError } from '@kit.BasicServicesKit'; 493e41f4b71Sopenharmony_ci 494e41f4b71Sopenharmony_cilet atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager(); 495e41f4b71Sopenharmony_cilet context: Context = getContext(this) as common.UIAbilityContext; 496e41f4b71Sopenharmony_ciatManager.requestGlobalSwitch(context, abilityAccessCtrl.SwitchType.CAMERA).then((data: Boolean) => { 497e41f4b71Sopenharmony_ci console.info('data:' + JSON.stringify(data)); 498e41f4b71Sopenharmony_ci}).catch((err: BusinessError) => { 499e41f4b71Sopenharmony_ci console.error('data:' + JSON.stringify(err)); 500e41f4b71Sopenharmony_ci}); 501e41f4b71Sopenharmony_ci``` 502e41f4b71Sopenharmony_ci 503e41f4b71Sopenharmony_ci### SwitchType<sup>12+</sup> 504e41f4b71Sopenharmony_ci 505e41f4b71Sopenharmony_ciEnumerates the global switch types. 506e41f4b71Sopenharmony_ci 507e41f4b71Sopenharmony_ci**Atomic service API**: This API can be used in atomic services since API version 12. 508e41f4b71Sopenharmony_ci 509e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.AccessToken 510e41f4b71Sopenharmony_ci 511e41f4b71Sopenharmony_ci| Name | Value| Description | 512e41f4b71Sopenharmony_ci| ------------------ | ----- | ----------- | 513e41f4b71Sopenharmony_ci| CAMERA | 0 | Global switch of the camera.| 514e41f4b71Sopenharmony_ci| MICROPHONE | 1 | Global switch of the microphone.| 515e41f4b71Sopenharmony_ci| LOCATION | 2 | Global switch of the location service.| 516