# @ohos.enterprise.accountManager (Account Management) (System API)
The **accountManager** module provides APIs for account management of enterprise devices.
> **NOTE**
>
> - The initial APIs of this module are supported since API version 10. Newly added APIs will be marked with a superscript to indicate their earliest API version.
>
> - The APIs of this module can be used only in the stage model.
>
> - The APIs of this module can be called only by a [device administrator application](../../mdm/mdm-kit-guide.md#introduction) that is [enabled](js-apis-enterprise-adminManager-sys.md#adminmanagerenableadmin).
>
> - This topic describes only the system APIs provided by the module. For details about its public APIs, see [@ohos.enterprise.accountManager](js-apis-enterprise-accountManager.md).
## Modules to Import
```ts
import { accountManager } from '@kit.MDMKit';
```
## accountManager.disallowAddLocalAccount
disallowAddLocalAccount(admin: Want, disallow: boolean, callback: AsyncCallback<void>): void
Disallows a device administrator application to create local user accounts. This API uses an asynchronous callback to return the result.
**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY
**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
**Parameters**
| Name | Type | Mandatory | Description |
| -------- | ---------------------------------------- | ---- | ------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. |
| disallow | boolean | Yes | Whether to forbid the creation of local user accounts. The value **true** means to forbid the creation of local user accounts, and the value **false** means the opposite. |
| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, **err** is **null**. Otherwise, **err** is an error object. |
**Error codes**
For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
| ID| Error Message |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 202 | Permission verification failed. A non-system application calls a system API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**Example**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'com.example.myapplication',
abilityName: 'EntryAbility',
};
accountManager.disallowAddLocalAccount(wantTemp, true, (err) => {
if (err) {
console.error(`Failed to disallow add local account. Code: ${err.code}, message: ${err.message}`);
return;
}
console.info('Succeeded in disallowing add local account');
});
```
## accountManager.disallowAddLocalAccount
disallowAddLocalAccount(admin: Want, disallow: boolean): Promise<void>
Disallows a device administrator application to create local user accounts. This API uses a promise to return the result.
**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY
**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
**Parameters**
| Name | Type | Mandatory | Description |
| ----- | ----------------------------------- | ---- | ------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application.|
| disallow | boolean | Yes | Whether to forbid the creation of local user accounts. The value **true** means to forbid the creation of local user accounts, and the value **false** means the opposite. |
**Return value**
| Type | Description |
| --------------------- | ------------------------- |
| Promise<void> | Promise that returns no value. An error object will be thrown if the operation fails.|
**Error codes**
For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
| ID| Error Message |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 202 | Permission verification failed. A non-system application calls a system API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**Example**
```ts
import { Want } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let wantTemp: Want = {
bundleName: 'com.example.myapplication',
abilityName: 'EntryAbility',
};
accountManager.disallowAddLocalAccount(wantTemp, true).then(() => {
console.info('Succeeded in disallowing add local account');
}).catch((err: BusinessError) => {
console.error(`Failed to disallow add local account. Code: ${err.code}, message: ${err.message}`);
});
```
## accountManager.disallowAddOsAccountByUser11+
disallowAddOsAccountByUser(admin: Want, userId: number, disallow: boolean): void
Disallows a user to add system accounts through the specified device administrator application.
**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY
**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ----------------------------------- | ---- | ----------------------------------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. |
| userId | number | Yes | User ID, which must be greater than or equal to 0. |
| disallow | boolean | Yes | Whether to disallow the user to add system accounts. The value **true** means to disallow the user to add system accounts; the value **false** means the opposite.|
**Error codes**
For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
| ID| Error Message |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 202 | Permission verification failed. A non-system application calls a system API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**Example**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'com.example.myapplication',
abilityName: 'EntryAbility',
};
try {
accountManager.disallowAddOsAccountByUser(wantTemp, 100, true);
console.info(`Succeeded in disallowing user add os account`);
} catch (err) {
console.error(`Failed to disallow user add os account. Code: ${err.code}, message: ${err.message}`);
}
```
## accountManager.isAddOsAccountByUserDisallowed11+
isAddOsAccountByUserDisallowed(admin: Want, userId: number): boolean
Checks whether a user is not allowed to add system accounts through the specified device administrator application.
**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY
**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
**Parameters**
| Name| Type | Mandatory| Description |
| ------ | ----------------------------------- | ---- | ------------------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. |
| userId | number | Yes | User ID, which must be greater than or equal to 0.|
**Return value**
| Type | Description |
| ------- | ------------------------------------------------------------ |
| boolean | Returns **true** if the user is not allowed to add system accounts; returns **false** otherwise.|
**Error codes**
For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
| ID| Error Message |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 202 | Permission verification failed. A non-system application calls a system API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**Example**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'com.example.myapplication',
abilityName: 'EntryAbility',
};
try {
let isDisallowed: boolean = accountManager.isAddOsAccountByUserDisallowed(wantTemp, 100);
console.info(`Succeeded in querying the user can add os account or not: ${isDisallowed}`);
} catch (err) {
console.error(`Failed to query the user can add os account or not. Code: ${err.code}, message: ${err.message}`);
}
```
## accountManager.addOsAccount11+
addOsAccount(admin: Want, name: string, type: osAccount.OsAccountType): osAccount.OsAccountInfo
Adds a system account in the background through the specified device administrator application.
**Required permissions**: ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY
**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
**Parameters**
| Name| Type | Mandatory| Description |
| ------ | ------------------------------------------------------------ | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. |
| name | string | Yes | User ID, which must be greater than or equal to 0. |
| type | [osAccount.OsAccountType](../apis-basic-services-kit/js-apis-osAccount.md#osaccounttype) | Yes | Type of the account to add.
The value can be any of the following:
· **ADMIN**: administrator account.
· **NORMAL**: normal account.
· **GUEST**: guest account.|
**Return value**
| Type | Description |
| ------------------------------------------------------------ | -------------------- |
| [osAccount.OsAccountInfo](../apis-basic-services-kit/js-apis-osAccount.md#osaccounttype) | Information about the account added.|
**Error codes**
For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
| ID| Error Message |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9201003 | Failed to add an OS account. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 202 | Permission verification failed. A non-system application calls a system API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**Example**
```ts
import { Want } from '@kit.AbilityKit';
import { osAccount } from '@kit.BasicServicesKit';
let wantTemp: Want = {
bundleName: 'com.example.myapplication',
abilityName: 'EntryAbility',
};
try {
let info: osAccount.OsAccountInfo = accountManager.addOsAccount(wantTemp, "TestAccountName", osAccount.OsAccountType.NORMAL);
console.info(`Succeeded in creating os account: ${JSON.stringify(info)}`);
} catch (err) {
console.error(`Failed to creating os account. Code: ${err.code}, message: ${err.message}`);
}
```