1# Account Management Overview
2
3## Introduction
4
5The system allows multiple system (OS) accounts to be created on a device. This allows multiple users to use the same device. The data of multiple users is isolated by system account to ensure data security.
6
7## Basic Concepts
8
9Users are identified by accounts. A user can have multiple accounts. The **account** module manages the following types of accounts:
10
11- System account: unique identifier of a user on a device.
12
13- Domain account: unique identifier of a user in a specific domain, such as a company or school.
14
15- Distributed account: identifier of a user on a distributed network. It is provisioned, authenticated, and maintained by an organization or authority and can be used for authentication, networking, and service invocation between devices.
16
17- Application account: unique identifier of an application user. Its lifecycle is managed by the application.
18
19## Relationships Between Accounts
20
21![account_er](figures/account_er.png)
22
23The **account** module uses the system account as the core for account management, in which other types of accounts are related to the system account in one way or another.
24
25- The domain account and the system account are in one-to-one (1:1) relationship, and have the same lifecycle.
26- The distributed account and the system account are in one-to-many (1:N) relationship. A user can bind a distributed account to a system account. Different system accounts can have the same distributed account. The lifecycle of a distributed account is independent of that of a system account.
27- The application account and the system account are in many-to-many (N:M) relationship. A user can have multiple application accounts under different system accounts. Different system accounts can have the same application account. The lifecycle of an application account is independent of that of a system account.
28- There is no direct relationship between the domain account, distributed account, and application account.
29
30When a system account is deleted, the associated domain account, distributed account, and application accounts are also deleted.