1e41f4b71Sopenharmony_ci# @ohos.enterprise.accountManager (Account Management) (System API) 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ciThe **accountManager** module provides APIs for account management of enterprise devices. 4e41f4b71Sopenharmony_ci 5e41f4b71Sopenharmony_ci> **NOTE** 6e41f4b71Sopenharmony_ci> 7e41f4b71Sopenharmony_ci> - The initial APIs of this module are supported since API version 10. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8e41f4b71Sopenharmony_ci> 9e41f4b71Sopenharmony_ci> - The APIs of this module can be used only in the stage model. 10e41f4b71Sopenharmony_ci> 11e41f4b71Sopenharmony_ci> - The APIs of this module can be called only by a [device administrator application](../../mdm/mdm-kit-guide.md#introduction) that is [enabled](js-apis-enterprise-adminManager-sys.md#adminmanagerenableadmin). 12e41f4b71Sopenharmony_ci> 13e41f4b71Sopenharmony_ci> - This topic describes only the system APIs provided by the module. For details about its public APIs, see [@ohos.enterprise.accountManager](js-apis-enterprise-accountManager.md). 14e41f4b71Sopenharmony_ci 15e41f4b71Sopenharmony_ci## Modules to Import 16e41f4b71Sopenharmony_ci 17e41f4b71Sopenharmony_ci```ts 18e41f4b71Sopenharmony_ciimport { accountManager } from '@kit.MDMKit'; 19e41f4b71Sopenharmony_ci``` 20e41f4b71Sopenharmony_ci 21e41f4b71Sopenharmony_ci## accountManager.disallowAddLocalAccount 22e41f4b71Sopenharmony_ci 23e41f4b71Sopenharmony_cidisallowAddLocalAccount(admin: Want, disallow: boolean, callback: AsyncCallback<void>): void 24e41f4b71Sopenharmony_ci 25e41f4b71Sopenharmony_ciDisallows a device administrator application to create local user accounts. This API uses an asynchronous callback to return the result. 26e41f4b71Sopenharmony_ci 27e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 28e41f4b71Sopenharmony_ci 29e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 30e41f4b71Sopenharmony_ci 31e41f4b71Sopenharmony_ci 32e41f4b71Sopenharmony_ci 33e41f4b71Sopenharmony_ci**Parameters** 34e41f4b71Sopenharmony_ci 35e41f4b71Sopenharmony_ci| Name | Type | Mandatory | Description | 36e41f4b71Sopenharmony_ci| -------- | ---------------------------------------- | ---- | ------------------------------- | 37e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 38e41f4b71Sopenharmony_ci| disallow | boolean | Yes | Whether to forbid the creation of local user accounts. The value **true** means to forbid the creation of local user accounts, and the value **false** means the opposite. | 39e41f4b71Sopenharmony_ci| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, **err** is **null**. Otherwise, **err** is an error object. | 40e41f4b71Sopenharmony_ci 41e41f4b71Sopenharmony_ci**Error codes** 42e41f4b71Sopenharmony_ci 43e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 44e41f4b71Sopenharmony_ci 45e41f4b71Sopenharmony_ci| ID| Error Message | 46e41f4b71Sopenharmony_ci| ------- | ---------------------------------------------------------------------------- | 47e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. | 48e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. | 49e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. | 50e41f4b71Sopenharmony_ci| 202 | Permission verification failed. A non-system application calls a system API. | 51e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 52e41f4b71Sopenharmony_ci 53e41f4b71Sopenharmony_ci**Example** 54e41f4b71Sopenharmony_ci 55e41f4b71Sopenharmony_ci```ts 56e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit'; 57e41f4b71Sopenharmony_cilet wantTemp: Want = { 58e41f4b71Sopenharmony_ci bundleName: 'com.example.myapplication', 59e41f4b71Sopenharmony_ci abilityName: 'EntryAbility', 60e41f4b71Sopenharmony_ci}; 61e41f4b71Sopenharmony_ci 62e41f4b71Sopenharmony_ciaccountManager.disallowAddLocalAccount(wantTemp, true, (err) => { 63e41f4b71Sopenharmony_ci if (err) { 64e41f4b71Sopenharmony_ci console.error(`Failed to disallow add local account. Code: ${err.code}, message: ${err.message}`); 65e41f4b71Sopenharmony_ci return; 66e41f4b71Sopenharmony_ci } 67e41f4b71Sopenharmony_ci console.info('Succeeded in disallowing add local account'); 68e41f4b71Sopenharmony_ci}); 69e41f4b71Sopenharmony_ci``` 70e41f4b71Sopenharmony_ci 71e41f4b71Sopenharmony_ci## accountManager.disallowAddLocalAccount 72e41f4b71Sopenharmony_ci 73e41f4b71Sopenharmony_cidisallowAddLocalAccount(admin: Want, disallow: boolean): Promise<void> 74e41f4b71Sopenharmony_ci 75e41f4b71Sopenharmony_ciDisallows a device administrator application to create local user accounts. This API uses a promise to return the result. 76e41f4b71Sopenharmony_ci 77e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 78e41f4b71Sopenharmony_ci 79e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 80e41f4b71Sopenharmony_ci 81e41f4b71Sopenharmony_ci 82e41f4b71Sopenharmony_ci 83e41f4b71Sopenharmony_ci**Parameters** 84e41f4b71Sopenharmony_ci 85e41f4b71Sopenharmony_ci| Name | Type | Mandatory | Description | 86e41f4b71Sopenharmony_ci| ----- | ----------------------------------- | ---- | ------- | 87e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application.| 88e41f4b71Sopenharmony_ci| disallow | boolean | Yes | Whether to forbid the creation of local user accounts. The value **true** means to forbid the creation of local user accounts, and the value **false** means the opposite. | 89e41f4b71Sopenharmony_ci 90e41f4b71Sopenharmony_ci**Return value** 91e41f4b71Sopenharmony_ci 92e41f4b71Sopenharmony_ci| Type | Description | 93e41f4b71Sopenharmony_ci| --------------------- | ------------------------- | 94e41f4b71Sopenharmony_ci| Promise<void> | Promise that returns no value. An error object will be thrown if the operation fails.| 95e41f4b71Sopenharmony_ci 96e41f4b71Sopenharmony_ci**Error codes** 97e41f4b71Sopenharmony_ci 98e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 99e41f4b71Sopenharmony_ci 100e41f4b71Sopenharmony_ci| ID| Error Message | 101e41f4b71Sopenharmony_ci| ------- | ---------------------------------------------------------------------------- | 102e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. | 103e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. | 104e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. | 105e41f4b71Sopenharmony_ci| 202 | Permission verification failed. A non-system application calls a system API. | 106e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 107e41f4b71Sopenharmony_ci 108e41f4b71Sopenharmony_ci**Example** 109e41f4b71Sopenharmony_ci 110e41f4b71Sopenharmony_ci```ts 111e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit'; 112e41f4b71Sopenharmony_ciimport { BusinessError } from '@kit.BasicServicesKit'; 113e41f4b71Sopenharmony_cilet wantTemp: Want = { 114e41f4b71Sopenharmony_ci bundleName: 'com.example.myapplication', 115e41f4b71Sopenharmony_ci abilityName: 'EntryAbility', 116e41f4b71Sopenharmony_ci}; 117e41f4b71Sopenharmony_ci 118e41f4b71Sopenharmony_ciaccountManager.disallowAddLocalAccount(wantTemp, true).then(() => { 119e41f4b71Sopenharmony_ci console.info('Succeeded in disallowing add local account'); 120e41f4b71Sopenharmony_ci}).catch((err: BusinessError) => { 121e41f4b71Sopenharmony_ci console.error(`Failed to disallow add local account. Code: ${err.code}, message: ${err.message}`); 122e41f4b71Sopenharmony_ci}); 123e41f4b71Sopenharmony_ci``` 124e41f4b71Sopenharmony_ci 125e41f4b71Sopenharmony_ci## accountManager.disallowAddOsAccountByUser<sup>11+</sup> 126e41f4b71Sopenharmony_ci 127e41f4b71Sopenharmony_cidisallowAddOsAccountByUser(admin: Want, userId: number, disallow: boolean): void 128e41f4b71Sopenharmony_ci 129e41f4b71Sopenharmony_ciDisallows a user to add system accounts through the specified device administrator application. 130e41f4b71Sopenharmony_ci 131e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 132e41f4b71Sopenharmony_ci 133e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 134e41f4b71Sopenharmony_ci 135e41f4b71Sopenharmony_ci 136e41f4b71Sopenharmony_ci 137e41f4b71Sopenharmony_ci**Parameters** 138e41f4b71Sopenharmony_ci 139e41f4b71Sopenharmony_ci| Name | Type | Mandatory| Description | 140e41f4b71Sopenharmony_ci| -------- | ----------------------------------- | ---- | ----------------------------------------------------------- | 141e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 142e41f4b71Sopenharmony_ci| userId | number | Yes | User ID, which must be greater than or equal to 0. | 143e41f4b71Sopenharmony_ci| disallow | boolean | Yes | Whether to disallow the user to add system accounts. The value **true** means to disallow the user to add system accounts; the value **false** means the opposite.| 144e41f4b71Sopenharmony_ci 145e41f4b71Sopenharmony_ci**Error codes** 146e41f4b71Sopenharmony_ci 147e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 148e41f4b71Sopenharmony_ci 149e41f4b71Sopenharmony_ci| ID| Error Message | 150e41f4b71Sopenharmony_ci| -------- | ------------------------------------------------------------ | 151e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. | 152e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. | 153e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. | 154e41f4b71Sopenharmony_ci| 202 | Permission verification failed. A non-system application calls a system API. | 155e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 156e41f4b71Sopenharmony_ci 157e41f4b71Sopenharmony_ci**Example** 158e41f4b71Sopenharmony_ci 159e41f4b71Sopenharmony_ci```ts 160e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit'; 161e41f4b71Sopenharmony_cilet wantTemp: Want = { 162e41f4b71Sopenharmony_ci bundleName: 'com.example.myapplication', 163e41f4b71Sopenharmony_ci abilityName: 'EntryAbility', 164e41f4b71Sopenharmony_ci}; 165e41f4b71Sopenharmony_ci 166e41f4b71Sopenharmony_citry { 167e41f4b71Sopenharmony_ci accountManager.disallowAddOsAccountByUser(wantTemp, 100, true); 168e41f4b71Sopenharmony_ci console.info(`Succeeded in disallowing user add os account`); 169e41f4b71Sopenharmony_ci} catch (err) { 170e41f4b71Sopenharmony_ci console.error(`Failed to disallow user add os account. Code: ${err.code}, message: ${err.message}`); 171e41f4b71Sopenharmony_ci} 172e41f4b71Sopenharmony_ci``` 173e41f4b71Sopenharmony_ci 174e41f4b71Sopenharmony_ci## accountManager.isAddOsAccountByUserDisallowed<sup>11+</sup> 175e41f4b71Sopenharmony_ci 176e41f4b71Sopenharmony_ciisAddOsAccountByUserDisallowed(admin: Want, userId: number): boolean 177e41f4b71Sopenharmony_ci 178e41f4b71Sopenharmony_ciChecks whether a user is not allowed to add system accounts through the specified device administrator application. 179e41f4b71Sopenharmony_ci 180e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 181e41f4b71Sopenharmony_ci 182e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 183e41f4b71Sopenharmony_ci 184e41f4b71Sopenharmony_ci 185e41f4b71Sopenharmony_ci 186e41f4b71Sopenharmony_ci**Parameters** 187e41f4b71Sopenharmony_ci 188e41f4b71Sopenharmony_ci| Name| Type | Mandatory| Description | 189e41f4b71Sopenharmony_ci| ------ | ----------------------------------- | ---- | ------------------------------------------- | 190e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 191e41f4b71Sopenharmony_ci| userId | number | Yes | User ID, which must be greater than or equal to 0.| 192e41f4b71Sopenharmony_ci 193e41f4b71Sopenharmony_ci**Return value** 194e41f4b71Sopenharmony_ci 195e41f4b71Sopenharmony_ci| Type | Description | 196e41f4b71Sopenharmony_ci| ------- | ------------------------------------------------------------ | 197e41f4b71Sopenharmony_ci| boolean | Returns **true** if the user is not allowed to add system accounts; returns **false** otherwise.| 198e41f4b71Sopenharmony_ci 199e41f4b71Sopenharmony_ci**Error codes** 200e41f4b71Sopenharmony_ci 201e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 202e41f4b71Sopenharmony_ci 203e41f4b71Sopenharmony_ci| ID| Error Message | 204e41f4b71Sopenharmony_ci| -------- | ------------------------------------------------------------ | 205e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. | 206e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. | 207e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. | 208e41f4b71Sopenharmony_ci| 202 | Permission verification failed. A non-system application calls a system API. | 209e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 210e41f4b71Sopenharmony_ci 211e41f4b71Sopenharmony_ci**Example** 212e41f4b71Sopenharmony_ci 213e41f4b71Sopenharmony_ci```ts 214e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit'; 215e41f4b71Sopenharmony_cilet wantTemp: Want = { 216e41f4b71Sopenharmony_ci bundleName: 'com.example.myapplication', 217e41f4b71Sopenharmony_ci abilityName: 'EntryAbility', 218e41f4b71Sopenharmony_ci}; 219e41f4b71Sopenharmony_ci 220e41f4b71Sopenharmony_citry { 221e41f4b71Sopenharmony_ci let isDisallowed: boolean = accountManager.isAddOsAccountByUserDisallowed(wantTemp, 100); 222e41f4b71Sopenharmony_ci console.info(`Succeeded in querying the user can add os account or not: ${isDisallowed}`); 223e41f4b71Sopenharmony_ci} catch (err) { 224e41f4b71Sopenharmony_ci console.error(`Failed to query the user can add os account or not. Code: ${err.code}, message: ${err.message}`); 225e41f4b71Sopenharmony_ci} 226e41f4b71Sopenharmony_ci``` 227e41f4b71Sopenharmony_ci 228e41f4b71Sopenharmony_ci## accountManager.addOsAccount<sup>11+</sup> 229e41f4b71Sopenharmony_ci 230e41f4b71Sopenharmony_ciaddOsAccount(admin: Want, name: string, type: osAccount.OsAccountType): osAccount.OsAccountInfo 231e41f4b71Sopenharmony_ci 232e41f4b71Sopenharmony_ciAdds a system account in the background through the specified device administrator application. 233e41f4b71Sopenharmony_ci 234e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY 235e41f4b71Sopenharmony_ci 236e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 237e41f4b71Sopenharmony_ci 238e41f4b71Sopenharmony_ci 239e41f4b71Sopenharmony_ci 240e41f4b71Sopenharmony_ci**Parameters** 241e41f4b71Sopenharmony_ci 242e41f4b71Sopenharmony_ci| Name| Type | Mandatory| Description | 243e41f4b71Sopenharmony_ci| ------ | ------------------------------------------------------------ | ---- | ------------------------------------------------------------ | 244e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 245e41f4b71Sopenharmony_ci| name | string | Yes | User ID, which must be greater than or equal to 0. | 246e41f4b71Sopenharmony_ci| type | [osAccount.OsAccountType](../apis-basic-services-kit/js-apis-osAccount.md#osaccounttype) | Yes | Type of the account to add.<br>The value can be any of the following:<br>· **ADMIN**: administrator account.<br>· **NORMAL**: normal account.<br>· **GUEST**: guest account.| 247e41f4b71Sopenharmony_ci 248e41f4b71Sopenharmony_ci**Return value** 249e41f4b71Sopenharmony_ci 250e41f4b71Sopenharmony_ci| Type | Description | 251e41f4b71Sopenharmony_ci| ------------------------------------------------------------ | -------------------- | 252e41f4b71Sopenharmony_ci| [osAccount.OsAccountInfo](../apis-basic-services-kit/js-apis-osAccount.md#osaccounttype) | Information about the account added.| 253e41f4b71Sopenharmony_ci 254e41f4b71Sopenharmony_ci**Error codes** 255e41f4b71Sopenharmony_ci 256e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 257e41f4b71Sopenharmony_ci 258e41f4b71Sopenharmony_ci| ID| Error Message | 259e41f4b71Sopenharmony_ci| -------- | ------------------------------------------------------------ | 260e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. | 261e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. | 262e41f4b71Sopenharmony_ci| 9201003 | Failed to add an OS account. | 263e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. | 264e41f4b71Sopenharmony_ci| 202 | Permission verification failed. A non-system application calls a system API. | 265e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 266e41f4b71Sopenharmony_ci 267e41f4b71Sopenharmony_ci**Example** 268e41f4b71Sopenharmony_ci 269e41f4b71Sopenharmony_ci```ts 270e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit'; 271e41f4b71Sopenharmony_ciimport { osAccount } from '@kit.BasicServicesKit'; 272e41f4b71Sopenharmony_cilet wantTemp: Want = { 273e41f4b71Sopenharmony_ci bundleName: 'com.example.myapplication', 274e41f4b71Sopenharmony_ci abilityName: 'EntryAbility', 275e41f4b71Sopenharmony_ci}; 276e41f4b71Sopenharmony_ci 277e41f4b71Sopenharmony_citry { 278e41f4b71Sopenharmony_ci let info: osAccount.OsAccountInfo = accountManager.addOsAccount(wantTemp, "TestAccountName", osAccount.OsAccountType.NORMAL); 279e41f4b71Sopenharmony_ci console.info(`Succeeded in creating os account: ${JSON.stringify(info)}`); 280e41f4b71Sopenharmony_ci} catch (err) { 281e41f4b71Sopenharmony_ci console.error(`Failed to creating os account. Code: ${err.code}, message: ${err.message}`); 282e41f4b71Sopenharmony_ci} 283e41f4b71Sopenharmony_ci``` 284