The Workspace ONE UEM console provides the admin the ability to view a list of all the permissions that an application is using and set the default action at run time of the app. The Permissions profile is available on Android 6.0+ devices using Work Managed device and Work Profile mode.

You can set run-time permission policies for each Android app. The latest permissions are retrieved when configuring an app at an individual app-level.

Note: All permissions used by an app are listed when you select the app from the Exceptions list, however permission policies from the Workspace ONE UEM console only apply to dangerous permissions as deemed by Google. Dangerous permissions cover areas where the app requests data that includes the user's personal information, or could potentially affect the user's stored data. For more information, please reference the Android Developer website.


  1. Navigate to Resources > Profiles & Baselines > Profiles > Add > Add Profile > Android.
  2. Configure the General profile settings as appropriate.
  3. Configure the Permissions settings, including:
    Settings Description
    Permission Policy

    Select whether to Prompt user for permission, Grant all permissions, or Deny all permissions for all work apps.

    Exceptions Search for apps that have already been added into AirWatch (should only include Android approved apps), and make an exception to the permission policy for the app.
  4. Select Save & Publish to assign the profile to associated devices.