Android Enterprise app permissions
You can configure how requests to Android Enterprise apps, that are within work profiles, handle what Google calls “dangerous” permissions. You control whether the user is prompted to grant or deny the permission request from the app. This feature applies to devices running Android 7.0 and later.
Google defines dangerous permissions as permissions that give the app access to data or resources that involve the user’s private information or could potentially affect the user’s stored data or the operation of other apps. For example, the ability to read the user’s contacts is a dangerous permission.
You can configure a global state that controls the behavior of all dangerous permission requests to Android Enterprise apps within work profiles. You can also control the behavior of dangerous permission request for individual permission groups, as defined by Google, for each app. These individual settings override the global state.
For information on how Google defines permission groups, see “Permission groups” in thisAndroid developers guide.
By default, users are prompted to grant of deny dangerous permission requests.
To add or configure this policy, go toConfigure > Device Policies. For more information, seeDevice policies.
Android Enterprise settings
- Global State:Controls the behavior of all dangerous permission requests. In the list, clickPrompt,Grant,orDeny.
- Prompt:用户prompted to grant or deny dangerous permission requests.
- Grant:All dangerous permission requests are granted. The user is not prompted.
- Deny:All dangerous permission requests are denied. The user is not prompted.
Default isPrompt.
- Set an individual behavior for each permission group, for each app. To configure the behavior for a permission group: ClickAddand then underApp, choose an app from the list. If you configure Android Enterprise system apps, clickAdd newand enter the application package name you enabled in the Restrictions device policy. Under Grant State, choosePrompt,Grant,, orDeny. This grant state overrides the global state.
- Prompt:用户prompted to grant or deny dangerous permission requests from this permission group for this app.
- Grant:Dangerous permission requests from this permission group for this app are granted. The user is not prompted.
- Deny:Dangerous permission requests from this permission group for this app are denied. The user is not prompted.
Default isPrompt.
- ClickSavenext to the app and grant state.
- To add more apps for the permission group, clickAddagain and repeat these steps.
- When you have finished setting grant states for all permission groups you want to, clickNext.