Adding a User Restriction Policy on Android Devices

Description

When adding a policy you will have the option of saving the policy or saving and publishing the policy. Using the REST API command given below you are able to save the user restriction policy and this policy will be in the inactive state.

For a better understanding on how this works via the EMM console, see Adding a Policy.

Resource Path

Adding a policy that is in the inactive state /inactive-policy.
Adding a policy that is in the active state /active-policy.

URL /mdm-admin/policies/inactive-policy or /mdm-admin/policies/active-policy

HTTP Method POST

Request/Response Format application/json

cURL command

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/inactive-policy
 
or
 
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/active-policy

For more information on how to generate the <EMM_API_TOKEN>, see Generating the EMM API Token.
Define the path to the JSON file, which includes the required properties to add a policy as the as the <JSON_PAYLOAD> value. For more information, see the Sample JSON Definition.
By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

Example:

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/inactive-policy
 
or
 
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/active-policy

Sample output

> POST /mdm-admin/policies/inactive-policy HTTP/1.1
> Host: localhost:9443
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a
> Content-Length: 420
< HTTP/1.1 201 Created
< Date: Thu, 25 Feb 2016 06:30:18 GMT
< Content-Type: application/json
< Content-Length: 76
< Server: WSO2 Carbon Server
{"statusCode":201,"messageFromServer":"Policy has been added successfully."}

Sample JSON Definition

{
  "policyName": "restriction_policy",
  "description": "Add restriction on the devices that have the settings application installed.",
  "compliance": "enforce",
  "ownershipType": "ANY",
  "profile": {
    "profileName": "restriction_policy",
    "deviceType": {
      "id": 1
    },
    "profileFeaturesList": [
      {
        "featureCode": "CAMERA",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_ADJUST_VOLUME",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_BLUETOOTH",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_CELL_BROADCASTS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_CREDENTIALS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_MOBILE_NETWORKS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_TETHERING",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_VPN",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CONFIG_WIFI",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_APPS_CONTROL",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CREATE_WINDOWS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_CROSS_PROFILE_COPY_PASTE",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_DEBUGGING_FEATURES",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_FACTORY_RESET",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_ADD_USER",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_INSTALL_APPS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_INSTALL_UNKNOWN_SOURCES",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_MODIFY_ACCOUNTS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_MOUNT_PHYSICAL_MEDIA",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_NETWORK_RESET",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_OUTGOING_BEAM",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_OUTGOING_CALLS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_REMOVE_USER",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_SAFE_BOOT",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_SHARE_LOCATION",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_SMS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_UNINSTALL_APPS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_UNMUTE_MICROPHONE",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "DISALLOW_USB_FILE_TRANSFER",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "ALLOW_PARENT_PROFILE_APP_LINKING",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "ENSURE_VERIFY_APPS",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "AUTO_TIME",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "SET_SCREEN_CAPTURE_DISABLED",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      },
      {
        "featureCode": "SET_STATUS_BAR_DISABLED",
        "deviceTypeId": 1,
        "content": {
          "enabled": true
        }
      }
    ]
  },
  "roles": [
    "ANY"
  ]
}

Property	Description	Data Type
`policyName`	The name of the policy.	String
`Description`	Provide a description on what the policy is based on.	String
`Compliance`	Define the non-compliance rules. WSO2 EMM provides the following non-compliance rules: `Enforce` - Forcefully enforce the policies on the devices. `Warning` - If the device does not adhere to the given policies a warning message will be sent. `Monitor` - If the device does not adhere to the given policies the server is notified of the violation unknown to the user and the administrator can take the necessary actions with regard to the reported.	String
`ownershipType`	Define the define ownership type using the values given below: `ANY` - The policy will be applied on the BYOD and COPE device types. `BYOD` (Bring Your Own Device) - The policy will only be applied on the BYOD device type. `COPE` (Corporate-Owned, Personally-Enabled) - The policy will only be applied on the COPE device type.	String
`profile`	Provide the policy profile details.	-
`profileName`	The name of the policy that is being added.	String
`deviceType`	The ID used to define the type of the device platform. For more information on the unique ID for the device platforms supported by the EMM, see Getting Details of the Devices Supported via WSO2 EMM.	Integer
`profileFeaturesList`	Lists the features that belong to the profile.	-
`featureCode`	Provide the code that defines the policy you wish to add. WSO2 EMM provides the following features for user restrictions: For more information, see the featurecode table below.	String
`deviceTypeId`	The ID used to define the type of the device platform.	Integer
`content`	The list of parameters that define the policy. For more information on the feature list for Windows policies, see profileFeaturesList - policy based.	String
`enabled`	In the context of adding a policy for cameras. The filed is used to define if the camera on the device is permitted to be used or not. `true` - The camera is enabled. `false` - the camera is disabled.	Boolean
`users`	Define the users the policy needs to be applied on. The policy will be applied on the respective users devices.	String array
`roles`	Define the roles the policy needs to be applied on. The policy will be applied on the respective user roles devices.	String array

If you wish to add a new policy criteria than what is already supported (users and roles) you can do so by defining a new policy criteria within the "policyCriterias" :[] field.

featurecode

The available OS column gives the information on what OS a given feature is available. The features will be available in the proceeding OS versions after it too. For example if its mentioned that the feature is available on the Android 4.1.0 OS version, the feature will be available on the OS version starting from Android 4.1.0 to the latest Android version.

Property	Description	Available OS	Data Type
`CAMERA`	Define if the user is allowed to use the camera by assigning `true` as the value.	4.1.x	Boolean
`DISALLOW_ADJUST_VOLUME`:	Define if a user is disallowed from adjusting the master volume by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_CONFIG_BLUETOOTH`	Define if a user is disallowed from configuring bluetooth by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_CONFIG_CELL_BROADCASTS`	Define if a user is disallowed from configuring cell broadcasts by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_CONFIG_CREDENTIALS`	Define if a user is disallowed from configuring user credentials by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_CONFIG_MOBILE_NETWORKS`	Define if a user is disallowed from configuring mobile networks by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_CONFIG_TETHERING`:	Define if a user is disallowed from configuring Tethering & portable hotspots by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_CONFIG_VPN`	Define if a user is disallowed from configuring VPN by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_CONFIG_WIFI`	Define if a user is disallowed from changing Wi-Fi access points by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_CREATE_WINDOWS`	Define that windows besides app windows should not be created by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_CROSS_PROFILE_COPY_PASTE`:	Define if what is copied in the clipboard can be pasted in related profiles by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_DEBUGGING_FEATURES`	Define if a user is disallowed from enabling or accessing debugging features by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_FACTORY_RESET`	Define if a user is disallowed to factory reset the device from Settings by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_ADD_USER`	Define if a user is disallowed from adding new users and profiles by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_INSTALL_APPS`	Define if a user is disallowed from installing applications by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_INSTALL_UNKNOWN_SOURCES`	Define if a user is disallowed from enabling the "Unknown Sources" setting, that allows installation of apps from unknown sources by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_MODIFY_ACCOUNTS`	Define if a user is disallowed from adding and removing accounts, unless they are programmatically added by Authenticator. For more information, see the details on adding an account directly.	6.0.0	Boolean
`DISALLOW_MOUNT_PHYSICAL_MEDIA`	Define if a user is disallowed from mounting physical external media by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_NETWORK_RESET`	Define if a user is disallowed from resetting network settings from Settings by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_OUTGOING_BEAM`	Define if the user is not allowed to use NFC to beam out data from apps by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_OUTGOING_CALLS`	Define that the user is not allowed to make outgoing phone calls by assigning `true` as the value.	6.0.0	Boolean
`DISALLOW_REMOVE_USER`	If the value assigned is true, it defines that the user can not remove other users, When set on the primary user this specifies	6.0.0	Boolean
`DISALLOW_SAFE_BOOT`	Define if the user is not allowed to reboot the device into safe boot mode.	6.0.0	Boolean
`DISALLOW_SHARE_LOCATION`	Define if a user is disallowed from turning on location sharing.	6.0.0	Boolean
`DISALLOW_SMS`	Define that the user is not allowed to send or receive SMS messages.	6.0.0	Boolean
`DISALLOW_UNINSTALL_APPS`	Define if a user is disallowed from uninstalling applications.	6.0.0	Boolean
`DISALLOW_UNMUTE_MICROPHONE`	Define if a user is disallowed from adjusting microphone volume.	6.0.0	Boolean
`DISALLOW_USB_FILE_TRANSFER`	Define if a user is disallowed from transferring files over USB.	6.0.0	Boolean
`ALLOW_PARENT_PROFILE_APP_LINKING`	Allows apps in the parent profile to handle web links from the managed profile if the value is set to true.	6.0.0	Boolean
`ENSURE_VERIFY_APPS`	Define if a user is disallowed from disabling application verification.	6.0.0	Boolean
`AUTO_TIME`	Defines that the auto time feature in the device that is in Settings > Date & Time is enabled if the value is set to true.	6.0.0	Boolean
`SET_SCREEN_CAPTURE_DISABLED`	The screen shot option on the device will be disabled if the value is set to true.	6.0.0	Boolean
`SET_STATUS_BAR_DISABLED`	The status bar on the device will not be shown if the value is set to true.	6.0.0	Boolean