HarmonyOS Development: Authorization Method of Rights Management
Foreword
this paper is based on api13.
In the previous article, I gave a brief overview of rights management and also learned how to declare rights. In fact, there is another knowledge point to master about rights management, that is, the authorization method of rights.
We know that the core mechanism of rights management is to ensure user privacy and data security. According to different authorization methods, Hongmeng is divided into two modes: system_grant (system authorization) and user_grant (user authorization). In actual development, we should choose the appropriate authorization method according to the sensitivity of rights and usage scenarios.
Basic concepts
system_grant (system authorization)
the system authorization authority is automatically granted by the system when the application is installed without manual operation by the user. It is characterized by low sensitivity and usually involves permissions that have less impact on user privacy or device security, such as network access and background operation. Another feature is silent granting, which is imperceptible to users and requires no additional processing of authorization logic by developers.
Sample Permissions
Ohos.permission.INTERNET (Network Access)
Ohos. permission. KEEP_SACKGIND_RUNNING (keep running in the background)
user_grant (user authorization)
the user authorization permission needs to be manually authorized by the user through the pop-up window when the application is running. The user can choose to allow or refuse. Its main feature is high sensitivity, such as involving user privacy or sensitive functions of the device, such as location, camera, microphone, etc. Another feature is explicit interaction, that is, user consent must be obtained through the pop-up window of the system, and the user can revoke authorization in the settings at any time. The last feature is, the application must be made dynamically. You need to call the API in the code to trigger the authorization request and process the authorization result.
Sample Permissions
Ohos. permission. Localization (Get Location)
Ohos.permission.CAMERA (Access Camera)
main differences
| Dimension | system_grant | user_grant |
|---|---|---|
| authorization timing | automatically granted on installation | run-time dynamic application |
| user perception | no perception | proactively confirm the pop-up window |
| permission sensitivity | low | high |
| use Scenario | permissions required for basic functions | permissions required for sensitive functions |
| code processing | no runtime logic required | call the API and process the result |
| revocation Method | users need to uninstall the application | user can turn off at any time in settings |
select strategy
judgment of permission sensitivity
system_grant is preferred : If the permission does not involve user privacy, such as network request and reading device model, it is directly declared as system authorization.
You must use user_grant : If the permission may disclose user data such as address book, location, camera, etc., user authorization must be applied dynamically.
Follow the principle of least privilege
apply for only necessary permissions: Avoid over-requesting permissions, such as weather applications without microphone permissions.
Application by stages : Apply for the corresponding permission when the user triggers a sensitive operation, such as requesting the camera permission when scanning the code.
Code Implementation Specification
claim Permissions : in module.json5 to declare the required permissions in the file:
{
"module": {
"requestPermissions": [
{
"name": "ohos.permission.MICROPHONE",
"reason": "$string:reason",
"usedScene": {
"abilities": [
"EntryAbility"
],
"when": "always"
}
}
]
}
}
apply for user_grant permissions dynamically
import abilityAccessCtrl from '@ohos.abilityAccessCtrl';
//Check permission status
let atManager = abilityAccessCtrl.createAtManager()
let permissions: Permissions[] = ['ohos.permission.CAMERA']
atManager.requestPermissionsFromUser(this.context, permissions, (err, data) => {
if (err) {
Console. error ('permission request failed');
} else if (data.authResults[0] === 0) {
Console.info ('user authorized');
} else {
//Dealing with user rejection scenarios
}
});
user Experience Optimization
explain the purpose of permissions : Before applying for permission, explain the necessity of permission through a pop-up window or UI prompt, such as the need to access the location to provide nearby services.
Compatible reject scenario : If the user refuses to authorize, a degraded function shall be provided (e. G. Manual address input instead of automatic positioning).
Related Summary
in actual application development, reasonable selection of system_grant and user_grant is the key to balance function implementation and user privacy. system_grant is suitable for basic functions and simplifies the development process. user_grant is used for sensitive operations and needs to pay attention to user experience and privacy compliance.
Another point is that when managing rights, the principle of least authority should be strictly followed, combined with dynamic application and clear user guidance, not only to ensure functional integrity, but also to avoid bringing bad experience to users.
Remember, permission is only applied when it is used, do not apply in advance, and it is prohibited in the project. Abuse of permissions, otherwise the application may be removed from the shelf.
