Adding a User Restriction Policy on Android Devices
Description | Restrict different functions on the user's device using this REST API. When adding a policy you will have the option of saving the user restriction policy or saving and publishing the user restriction policy. For a better understanding on how this works via the EMM console, see Adding a Policy. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Resource Path |
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
URL | /mdm-admin/policies/inactive-policy or /mdm-admin/policies/active-policy | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
HTTP Method | POST | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Request/Response Format | application/json | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
cURL command | curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/inactive-policy or curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <EMM_API_TOKEN>" -d @'<JSON_PAYLOAD>' -k -v https://<EMM_HOST>:<EMM_HTTPS_PORT>/mdm-admin/policies/active-policy
Example: curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/inactive-policy or curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a" -d @'policy.json' -k -v https://localhost:9443/mdm-admin/policies/active-policy | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sample output | > POST /mdm-admin/policies/inactive-policy HTTP/1.1 > Host: localhost:9443 > User-Agent: curl/7.43.0 > Accept: */* > Content-Type: application/json > Authorization: Bearer 33392fb365b3ac693b405b565ddc8a3a > Content-Length: 420 < HTTP/1.1 201 Created < Date: Thu, 25 Feb 2016 06:30:18 GMT < Content-Type: application/json < Content-Length: 76 < Server: WSO2 Carbon Server {"statusCode":201,"messageFromServer":"Policy has been added successfully."} | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sample JSON Definition | { "policyName": "restriction_policy", "description": "Add restriction on the devices that have the settings application installed.", "compliance": "enforce", "ownershipType": "ANY", "profile": { "profileName": "restriction_policy", "deviceType": { "id": 1 }, "profileFeaturesList": [ { "featureCode": "CAMERA", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_ADJUST_VOLUME", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_CONFIG_BLUETOOTH", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_CONFIG_CELL_BROADCASTS", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_CONFIG_CREDENTIALS", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_CONFIG_MOBILE_NETWORKS", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_CONFIG_TETHERING", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_CONFIG_VPN", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_CONFIG_WIFI", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_APPS_CONTROL", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_CREATE_WINDOWS", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_CROSS_PROFILE_COPY_PASTE", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_DEBUGGING_FEATURES", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_FACTORY_RESET", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_ADD_USER", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_INSTALL_APPS", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_INSTALL_UNKNOWN_SOURCES", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_MODIFY_ACCOUNTS", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_MOUNT_PHYSICAL_MEDIA", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_NETWORK_RESET", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_OUTGOING_BEAM", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_OUTGOING_CALLS", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_REMOVE_USER", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_SAFE_BOOT", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_SHARE_LOCATION", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_SMS", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_UNINSTALL_APPS", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_UNMUTE_MICROPHONE", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "DISALLOW_USB_FILE_TRANSFER", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "ALLOW_PARENT_PROFILE_APP_LINKING", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "ENSURE_VERIFY_APPS", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "AUTO_TIME", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "SET_SCREEN_CAPTURE_DISABLED", "deviceTypeId": 1, "content": { "enabled": true } }, { "featureCode": "SET_STATUS_BAR_DISABLED", "deviceTypeId": 1, "content": { "enabled": true } } ] }, "roles": [ "ANY" ] }
If you wish to add a new policy criteria than what is already supported (users and roles) you can do so by defining a new policy criteria within the "
|
Property | Description | Available | Data Type |
---|---|---|---|
CAMERA | Define if the user is allowed to use the camera by assigning true as the value. | 4.1.x | Boolean |
| Define if a user is disallowed from adjusting the master volume by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from configuring bluetooth by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from configuring cell broadcasts by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from configuring user credentials by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from configuring mobile networks by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from configuring Tethering & portable hotspots by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from configuring VPN by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from changing Wi-Fi access points by assigning true as the value. | 5.0.0 | Boolean |
| Define that windows besides app windows should not be created by assigning true as the value. | 5.0.0 | Boolean |
| Define if what is copied in the clipboard can be pasted in related profiles by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from enabling or accessing debugging features by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed to factory reset the device from Settings by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from adding new users and profiles by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from installing applications by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from enabling the "Unknown Sources" setting, that allows installation of apps from unknown sources by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from adding and removing accounts, unless they are programmatically added by Authenticator. For more information, see the details on adding an account directly. | 5.0.0 | Boolean |
| Define if a user is disallowed from mounting physical external media by assigning true as the value. | 5.0.0 | Boolean |
| Define if a user is disallowed from resetting network settings from Settings by assigning true as the value. | 5.0.0 | Boolean |
| Define if the user is not allowed to use NFC to beam out data from apps by assigning true as the value. | 5.0.0 | Boolean |
| Define that the user is not allowed to make outgoing phone calls by assigning true as the value. | 5.0.0 | Boolean |
| If the value assigned is true, it defines that the user can not remove other users, When set on the primary user this specifies | 5.0.0 | Boolean |
| Define if the user is not allowed to reboot the device into safe boot mode. | 5.0.0 | Boolean |
| Define if a user is disallowed from turning on location sharing. | 5.0.0 | Boolean |
| Define that the user is not allowed to send or receive SMS messages. | 5.0.0 | Boolean |
| Define if a user is disallowed from uninstalling applications. | 5.0.0 | Boolean |
| Define if a user is disallowed from adjusting microphone volume. | 5.0.0 | Boolean |
| Define if a user is disallowed from transferring files over USB. | 5.0.0 | Boolean |
| Allows apps in the parent profile to handle web links from the managed profile if the value is set to true. | 5.0.0 | Boolean |
| Define if a user is disallowed from disabling application verification. | 5.0.0 | Boolean |
| Defines that the auto time feature in the device that is in Settings > Date & Time is enabled if the value is set to true. | 5.0.0 | Boolean |
| The screen shot option on the device will be disabled if the value is set to true. | 5.0.0 | Boolean |
| The status bar on the device will not be shown if the value is set to true. | 6.0.0 | Boolean |