# @ohos.enterprise.restrictions (Restrictions)
This **restrictions** module provides APIs for disallowing general features of devices. You can globally disable or enable the features such as Bluetooth, HDC, USB, and Wi-Fi.
> **NOTE**
>
> The initial APIs of this module are supported since API version 12. Newly added APIs will be marked with a superscript to indicate their earliest API version.
>
> The APIs of this module can be used only in the stage model.
>
> The APIs of this module can be called only by a [device administrator application](../../mdm/mdm-kit-guide.md#introduction) that is enabled.
## Modules to Import
```ts
import { restrictions } from '@kit.MDMKit';
```
## restrictions.setDisallowedPolicy
setDisallowedPolicy(admin: Want, feature: string, disallow: boolean): void
Disallows a feature.
**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. |
| feature | string | Yes | Feature to set.
- **bluetooth**: Bluetooth capability of the device.
- **modifyDateTime**: capability of modifying the system time. Currently, this feature is available only for 2-in-1 devices.
- **printer**: printing capability. Currently, this feature is available only for 2-in-1 devices.
- **hdc**: OpenHarmony Device Connector (hdc).
- **microphone**: microphone capability of the device.
- **fingerprint**: fingerprint authentication capability of the device.
- **usb**: USB capability of the device. After this feature is disabled, USB devices cannot be used.
- **wifi**: Wi-Fi capability of the device.
- **tethering**14+: network sharing capability.
- **inactiveUserFreeze**14+: capability of freezing inactive users. When the system switches to the enterprise space user, the personal space users are inactive users. |
| disallow | boolean | Yes | Whether to disallow the feature. The value **true** means to disallow the feature; the value **false** means the opposite. |
**Error codes**
For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
| ID| Error Message |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**Example**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
try {
restrictions.setDisallowedPolicy(wantTemp, 'printer', true);
console.info('Succeeded in setting printer disabled');
} catch (err) {
console.error(`Failed to set printer disabled. Code is ${err.code}, message is ${err.message}`);
}
```
## restrictions.getDisallowedPolicy
getDisallowedPolicy(admin: Want, feature: string): boolean
Obtains the status of a feature.
**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
**Parameters**
| Name | Type | Mandatory| Description |
| ------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. |
| feature | string | Yes | Name of the feature, whose status is to be obtained.
- **bluetooth**: Bluetooth capability of the device.
- **modifyDateTime**: capability of modifying the system time. Currently, this feature is available only for 2-in-1 devices.
- **printer**: printing capability. Currently, this feature is available only for 2-in-1 devices.
- **hdc**: OpenHarmony Device Connector (hdc).
- **microphone**: microphone capability of the device.
- **fingerprint**: fingerprint authentication capability of the device.
- **usb**: USB capability of the device. After this feature is disabled, USB devices cannot be used.
- **wifi**: Wi-Fi capability of the device.
- **tethering**14+: network sharing capability.
- **inactiveUserFreeze**14+: capability of freezing inactive users. Currently, this feature is available only for 2-in-1 devices. When the system switches to the enterprise space user, the personal space users are inactive users. |
**Return value**
| Type | Description |
| ------- | ------------------------------------------------------------ |
| boolean | Returns **true** if the feature is disallowed; returns **false** otherwise.|
**Error codes**
For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
| ID| Error Message |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**Example**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
try {
let result: boolean = restrictions.getDisallowedPolicy(wantTemp, 'printer');
console.info(`Succeeded in querying is the printing function disabled : ${result}`);
} catch (err) {
console.error(`Failed to set printer disabled. Code is ${err.code}, message is ${err.message}`);
}
```
## restrictions.setDisallowedPolicyForAccount14+
setDisallowedPolicyForAccount(admin: Want, feature: string, disallow: boolean, accountId: number): void
Allows or disallows a feature for a user.
**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. |
| feature | string | Yes | Feature to set.
- **fingerprint**: fingerprint authentication capability of the device.|
| disallow | boolean | Yes | Whether to disallow the feature. The value **true** means to disallow the feature; the value **false** means the opposite. |
| accountId | number | Yes | User ID, which must be greater than or equal to 0. |
**Error codes**
For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
| ID| Error Message |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9200010 | A conflict policy has been configured. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**Example**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
try {
restrictions.setDisallowedPolicyForAccount(wantTemp, 'fingerprint', true, 100);
console.info('Succeeded in setting fingerprint disabled');
} catch (err) {
console.error(`Failed to set fingerprint disabled. Code is ${err.code}, message is ${err.message}`);
}
```
## restrictions.getDisallowedPolicyForAccount14+
getDisallowedPolicyForAccount(admin: Want, feature: string, accountId: number): boolean
Obtains the feature status for a user.
**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
**Parameters**
| Name | Type | Mandatory| Description |
| ------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. |
| feature | string | Yes | Feature whose status is to be obtained.
- **fingerprint**: fingerprint authentication capability of the device.|
| accountId | number | Yes | User ID, which must be greater than or equal to 0. |
**Return value**
| Type | Description |
| ------- | ------------------------------------------------------------ |
| boolean | Returns **true** if the specified feature is disabled; returns **false** otherwise.|
**Error codes**
For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
| ID| Error Message |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**Example**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
try {
let result: boolean = restrictions.getDisallowedPolicyForAccount(wantTemp, 'fingerprint', 100);
console.info(`Succeeded in querying is the fingerprint function disabled : ${result}`);
} catch (err) {
console.error(`Failed to set fingerprint disabled. Code is ${err.code}, message is ${err.message}`);
}
```
## restrictions.addDisallowedListForAccount14+
addDisallowedListForAccount(admin: Want, feature: string, list: Array\, accountId: number): void
Adds a disallowed feature list for a user.
**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. |
| feature | string | Yes | Feature name.
- **snapshotSkip**: skips the screen snapshots.|
| list | Array\ | Yes | List of content such as the bundle names. |
| accountId | number | Yes | User ID, which must be greater than or equal to 0. |
**Error codes**
For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
| ID| Error Message |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. | |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**Example**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
let valueList:Array = ["com.xx.aa.", "com.xx.bb"];
try {
restrictions.addDisallowedListForAccount(wantTemp, 'snapshotSkip', valueList, 100);
console.info('Succeeded in adding disallowed snapshotSkip feature');
} catch (err) {
console.error(`Failed to add disallowed snapshotSkip feature. Code is ${err.code}, message is ${err.message}`);
}
```
## restrictions.removeDisallowedListForAccount14+
removeDisallowedListForAccount(admin: Want, feature: string, list: Array\, accountId: number): void
Removes a disallowed feature list for a user.
**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. |
| feature | string | Yes | Feature name.
- **snapshotSkip**: skips the screen snapshots.|
| list | Array\ | Yes | List of content such as the bundle names. |
| accountId | number | Yes | User ID, which must be greater than or equal to 0. |
**Error codes**
For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
| ID| Error Message |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. | |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**Example**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
let valueList:Array = ["com.xx.aa.", "com.xx.bb"];
try {
restrictions.removeDisallowedListForAccount(wantTemp, 'snapshotSkip', valueList, 100);
console.info('Succeeded in removing disallowed snapshotSkip feature');
} catch (err) {
console.error(`Failed to remove disallowed snapshotSkip feature. Code is ${err.code}, message is ${err.message}`);
}
```
## restrictions.getDisallowedListForAccount14+
getDisallowedListForAccount(admin: Want, feature: string, accountId: number): Array\
Obtains the disallowed feature list of a user.
**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
**Parameters**
| Name | Type | Mandatory| Description |
| ------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. |
| feature | string | Yes | Feature name.
- **snapshotSkip**: skips the screen snapshots.|
| accountId | number | Yes | User ID, which must be greater than or equal to 0. |
**Return value**
| Type | Description |
| ------- | ------------------------------------------------------------ |
| Array\ | Disallowed feature list obtained.|
**Error codes**
For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
| ID| Error Message |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**Example**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
try {
let result: Array = restrictions.getDisallowedListForAccount(wantTemp, 'snapshotSkip', 100);
console.info('Succeeded in querying disallowed list for account');
} catch (err) {
console.error(`Failed to query disallowed list for account. Code is ${err.code}, message is ${err.message}`);
}
```