Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt
Description

Restrict different functions on the user's device using this REST API. When adding a policy you will have the option of saving the user restriction policy or saving and publishing the user restriction policy.

Info

For a better understanding on how this works via the EMM console, see Adding a Policy.

Resource Path
  • Adding a policy that is in the inactive state /inactive-policy.
  • Adding a policy that is in the active state /active-policy.
URL/mdm-admin/policies/inactive-policy or /mdm-admin/policies/active-policy
HTTP MethodPOST
Request/Response Formatapplication/json
cURL command
Code Block
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/inactive-policy
 
or
 
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/active-policy
  • For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
  • Define the path to the JSON file, which includes the required properties to add a policy as the as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
  • By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
  • By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

Code Block
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/inactive-policy
 
or
 
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/active-policy
 Sample output
Code Block
> POST /mdm-admin/policies/inactive-policy HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
> Content-Length: 420
< HTTP/1.1 201 Created
< Date: Thu, 25 Feb 2016 06:30:18 GMT
< Content-Type: application/json
< Content-Length: 76
< Server: WSO2 Carbon Server
{"statusCode":201,"messageFromServer":"Policy has been added successfully."}
Anchor
sample
sample
Sample JSON Definition 
Code Block
{
  "policyName": "restriction_policy",
  "description": "Add restriction on the devices that have the settings application installed.",
  "compliance": "enforce",
  "ownershipType": "ANY",
  "profile": {
    "profileName": "restriction_policy",
    "deviceType": {
      "id": 1
    },
    "profileFeaturesList": [
      {
        "featureCode": "CAMERA",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_ADJUST_VOLUME",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_BLUETOOTH",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_CELL_BROADCASTS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_CREDENTIALS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_MOBILE_NETWORKS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_TETHERING",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_VPN",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_WIFI",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_APPS_CONTROL",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CREATE_WINDOWS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CROSS_PROFILE_COPY_PASTE",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_DEBUGGING_FEATURES",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_FACTORY_RESET",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_ADD_USER",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_INSTALL_APPS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_INSTALL_UNKNOWN_SOURCES",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_MODIFY_ACCOUNTS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_MOUNT_PHYSICAL_MEDIA",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_NETWORK_RESET",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_OUTGOING_BEAM",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_OUTGOING_CALLS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_REMOVE_USER",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_SAFE_BOOT",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_SHARE_LOCATION",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_SMS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_UNINSTALL_APPS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_UNMUTE_MICROPHONE",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_USB_FILE_TRANSFER",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "ALLOW_PARENT_PROFILE_APP_LINKING",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "ENSURE_VERIFY_APPS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "AUTO_TIME",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "SET_SCREEN_CAPTURE_DISABLED",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "SET_STATUS_BAR_DISABLED",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      }
    ]
  },
  "roles": [
    "ANY"
  ]
}
PropertyDescriptionData
Type 
policyNameThe name of the policy.String
DescriptionProvide a description on what the policy is based on.String
Compliance

Define the non-compliance rules. WSO2 EMM provides the following non-compliance rules:

  • Enforce - Forcefully enforce the policies on the devices.
  • Warning - If the device does not adhere to the given policies a warning message will be sent.
  • Monitor - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.
String
ownershipType

Define the define ownership type using the values given below:

  • ANY - The policy will be applied on the BYOD and COPE device types.
  • BYOD (Bring Your Own Device) - The policy will only be applied on the BYOD device type.
  • COPE (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.
String
profileProvide the policy profile details.-
profileNameThe name of the policy that is being added.String
deviceType

The ID used to define the type of the device platform.

For more information on the unique ID for the device platforms supported by the EMM, see Getting Details of the Devices Supported via WSO2 EMM.

Integer
profileFeaturesList Lists the features that belong to the profile.-
featureCode

Provide the code that defines the policy you wish to add. WSO2 EMM provides the following features for user restrictions:

For more information, see the featurecode table below.

String
deviceTypeIdThe ID used to define the type of the device platform.Integer
content

The list of parameters that define the policy.

For more information on the feature list for Windows policies, see profileFeaturesList - policy based.

String
enabled

In the context of adding a policy for cameras. The filed is used to define if the camera on the device is permitted to be used or not.

  • true - The camera is enabled.
  • false - the camera is disabled.
Boolean
usersDefine the users the policy needs to be applied on. The policy will be applied on the respective users devices.String array
rolesDefine the roles the policy needs to be applied on. The policy will be applied on the respective user roles devices.String array
Info

If you wish to add a new policy criteria than what is already supported (users and roles) you can do so by defining a new policy criteria within the "policyCriterias" :[] field.


Anchor
featurecode
featurecode
featurecode

Note

The available OS column gives the information on what OS a given feature is available. The features will be available in the proceeding OS versions after it too. For example if its mentioned that the feature is available on the Android 4.1.0 OS version, the feature will be available on the OS version starting from Android 4.1.0 to the latest Android version.

PropertyDescription

Available
OS 

Data
Type 
CAMERADefine if the user is allowed to use the camera by assigning true as the value. 4.1.xBoolean

DISALLOW_ADJUST_VOLUME:

Define if a user is disallowed from adjusting the master volume by assigning true as the value.
6
5.0.0Boolean

DISALLOW_CONFIG_BLUETOOTH

Define if a user is disallowed from configuring bluetooth by assigning true as the value.
6
5.0.0Boolean

DISALLOW_CONFIG_CELL_BROADCASTS

Define if a user is disallowed from configuring cell broadcasts by assigning true as the value.
6
5.0.0Boolean

DISALLOW_CONFIG_CREDENTIALS

Define if a user is disallowed from configuring user credentials by assigning true as the value.
6
5.0.0Boolean

DISALLOW_CONFIG_MOBILE_NETWORKS

Define if a user is disallowed from configuring mobile networks by assigning true as the value.
6
5.0.0Boolean

DISALLOW_CONFIG_TETHERING:

Define if a user is disallowed from configuring Tethering & portable hotspots by assigning true as the value.
6
5.0.0Boolean

DISALLOW_CONFIG_VPN

Define if a user is disallowed from configuring VPN by assigning true as the value.
6
5.0.0Boolean

DISALLOW_CONFIG_WIFI

Define if a user is disallowed from changing Wi-Fi access points by assigning true as the value.
6
5.0.0Boolean

DISALLOW_CREATE_WINDOWS

Define that windows besides app windows should not be created by assigning true as the value.
6
5.0.0Boolean

DISALLOW_CROSS_PROFILE_COPY_PASTE:

Define if what is copied in the clipboard can be pasted in related profiles by assigning true as the value.
6
5.0.0Boolean

DISALLOW_DEBUGGING_FEATURES

Define if a user is disallowed from enabling or accessing debugging features by assigning true as the value.
6
5.0.0Boolean

DISALLOW_FACTORY_RESET

Define if a user is disallowed to factory reset the device from Settings by assigning true as the value.
6
5.0.0Boolean

DISALLOW_ADD_USER

Define if a user is disallowed from adding new users and profiles by assigning true as the value.
6
5.0.0Boolean

DISALLOW_INSTALL_APPS

Define if a user is disallowed from installing applications by assigning true as the value.
6
5.0.0Boolean

DISALLOW_INSTALL_UNKNOWN_SOURCES

Define if a user is disallowed from enabling the "Unknown Sources" setting, that allows installation of apps from unknown sources by assigning true as the value.
6
5.0.0Boolean

DISALLOW_MODIFY_ACCOUNTS

Define if a user is disallowed from adding and removing accounts, unless they are programmatically added by Authenticator.

Info

For more information, see the details on adding an account directly.

6
5.0.0Boolean

DISALLOW_MOUNT_PHYSICAL_MEDIA

Define if a user is disallowed from mounting physical external media by assigning true as the value.
6
5.0.0Boolean

DISALLOW_NETWORK_RESET

Define if a user is disallowed from resetting network settings from Settings by assigning true as the value.
6
5.0.0Boolean

DISALLOW_OUTGOING_BEAM

Define if the user is not allowed to use NFC to beam out data from apps by assigning true as the value.
6
5.0.0Boolean

DISALLOW_OUTGOING_CALLS

Define that the user is not allowed to make outgoing phone calls by assigning true as the value.
6
5.0.0Boolean

DISALLOW_REMOVE_USER

If the value assigned is true, it defines that the user can not remove other users, When set on the primary user this specifies
6
5.0.0Boolean

DISALLOW_SAFE_BOOT

Define if the user is not allowed to reboot the device into safe boot mode.
6
5.0.0Boolean

DISALLOW_SHARE_LOCATION

Define if a user is disallowed from turning on location sharing.
6
5.0.0Boolean

DISALLOW_SMS

Define that the user is not allowed to send or receive SMS messages.
6
5.0.0Boolean

DISALLOW_UNINSTALL_APPS

Define if a user is disallowed from uninstalling applications.
6
5.0.0Boolean

DISALLOW_UNMUTE_MICROPHONE

Define if a user is disallowed from adjusting microphone volume.
6
5.0.0Boolean

DISALLOW_USB_FILE_TRANSFER

Define if a user is disallowed from transferring files over USB.
6
5.0.0Boolean

ALLOW_PARENT_PROFILE_APP_LINKING

Allows apps in the parent profile to handle web links from the managed profile if the value is set to true.
6
5.0.0Boolean

ENSURE_VERIFY_APPS

Define if a user is disallowed from disabling application verification.
6
5.0.0Boolean

AUTO_TIME

Defines that the auto time feature in the device that is in Settings > Date & Time is enabled if the value is set to true.
6
5.0.0Boolean

SET_SCREEN_CAPTURE_DISABLED

The screen shot option on the device will be disabled if the value is set to true.
6
5.0.0Boolean

SET_STATUS_BAR_DISABLED

The status bar on the device will not be shown if the value is set to true.6.0.0Boolean