The Workspace ONE UEM console provides the admin the ability to view a list of all the permissions that an app is using and set the default action at run time of the app. The Permissions profile is available on Android 6.0+ devices using Work Managed device mode.

You can set run-time permission policies for each Android badged app. The latest permissions are retrieved when configuring an app at an individual app-level. Permissions apply to all Android badged apps.


All permissions used by an app are listed when you select the app from the Exceptions list, however permission policies from the Workspace ONE UEM console only apply to dangerous permissions as deemed by Google. Dangerous permissions cover areas where the app requests data that includes the user's personal information, or could potentially affect the user's stored data. For more information, please reference the Android Developer website.

To create the Permissions profile:

  1. Navigate to Devices > Profiles & Resources > Profiles > Add > Add Profile > Android.

  2. Configure the General profile settings as appropriate.

    These settings determine how the profile deploys and who receives it. For more information on General settings, see Add General Profile Settings.

  3. Configure the Permissions settings, including:

    Settings Description
    Permission Policy

    Select whether to Prompt user for permission, Grant all permissions, or Deny all permissions for all work apps.

    Exceptions Search for apps that have already been added into AirWatch (should only include Android approved apps), and make an exception to the permission policy for the app.
  1. Select Save & Publish to assign the profile to associated devices.