en/devices/tech/admin/multi-user.html - platform/docs/source.android.com - Git at Google

 page.title=Supporting Multiple Users
 @jd:body

 <!--
     Copyright 2015 The Android Open Source Project

     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
     You may obtain a copy of the License at

         http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing, software
     distributed under the License is distributed on an "AS IS" BASIS,
     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     See the License for the specific language governing permissions and
     limitations under the License.
 -->
 <div id="qv-wrapper">
   <div id="qv">
     <h2>In this document</h2>
     <ol id="auto-toc">
     </ol>
   </div>
 </div>

 <p>Android supports multiple users on a single Android device by separating user
 accounts and application data. For instance, parents may allow their children to
 use the family tablet, or a critical response team might share a mobile device
 for on-call duty.</p>

 <h2 id=definitions>Terminology</h2>
 <p>Android uses the following terms when describing Android users and accounts.</p>

 <h3 id=general_defs>General</h3>
 <p>Android device administration uses the following general terms.</p>

 <ul>
   <li><em>User</em>. Each user is intended to be used by a different physical
   person. Each user has distinct application data and some unique settings, as
   well as a user interface to explicitly switch between users. A user can run in
   the background when another user is active; the system manages shutting down
   users to conserve resources when appropriate. Secondary users can be created
   either directly via the primary user interface or from a
   <a href="https://developer.android.com/guide/topics/admin/device-admin.html">Device
   Administration</a> application.</li>
   <li><em>Account</em>. Accounts are contained within a user but are not defined
   by a user, nor is a user defined by or linked to any given account. Users and
   profiles contain their own unique accounts but are not required to have
   accounts to be functional. The list of accounts differs by user. For details,
   refer to the
   <a href="https://developer.android.com/reference/android/accounts/Account.html">Account
   class</a> definition.</li>
   <li><em>Profile</em>. A profile has separated app data but shares some
   system-wide settings (for example, Wi-Fi and Bluetooth). A profile is a subset
   of and tied to the existence of a user. A user can have multiple profiles.
   They are created through a
   <a href="https://developer.android.com/guide/topics/admin/device-admin.html">Device
   Administration</a> application. A profile always has an immutable association
   to a parent user, defined by the user that created the profile. Profiles do not live beyond the lifetime of the creating user.</li>
   <li><em>App</em>. An application’s data exists within each associated user.
   App data is sandboxed from other applications within the same user. Apps
   within the same user can interact with each other via IPC. For details, refer
   to <a href="https://developer.android.com/training/enterprise/index.html">Building
   Apps for Work</a>.</li>
 </ul>

 <h3 id=user_types>User types</h3>
 <p>Android device administration uses the following user types.</p>

 <ul>
   <li><em>Primary</em>. First user added to a device. The primary user
   cannot be removed except by factory reset and is always running even when
   other users are in the foreground. This user also has special privileges and
   settings only it can set.</li>
   <li><em>Secondary</em>. Any user added to the device other than the primary
   user. Secondary users can be removed (either by themselves or by the primary
   user) and cannot impact other users on a device. These users can run in the
   background and continue to have network connectivity.</li>
   <li><em>Guest</em>. Temporary secondary user. Guest users have an explicit
   option to quick delete the guest user when its usefulness is over. There can
   be only one guest user at a time.</li>
 </ul>

 <h3 id=profile_types>Profile types</h3>
 <p>Android device administration uses the following profile types.</p>

 <ul>
   <li><em>Managed</em>. Created by an application to contain work data
   and apps. They are managed exclusively by the profile owner (the app that
   created the corp profile). Launcher, notifications, and recent tasks are
   shared by the primary user and the corp profile.</li>
   <li><em>Restricted</em>. Uses accounts based off the primary user, who can
   control what apps are available on the restricted profile. Available only on
   tablets.</li>
 </ul>

 <h2 id=applying_the_overlay>Enabling multi-user</h2>

 <p>As of Android 5.0, the multi-user feature is disabled by default. To
 enable it, device manufacturers must define a resource overlay that replaces
 the following values in <code>frameworks/base/core/res/res/values/config.xml</code>:
 </p>

 <pre>&lt;!--  Maximum number of supported users --&gt;
 &lt;integer name="config_multiuserMaximumUsers"&gt;1&lt;/integer&gt;
 &lt;!--  Whether Multiuser UI should be shown --&gt;
 &lt;bool name="config_enableMultiUserUI"&gt;false&lt;/bool&gt;
 </pre>

 <p>To apply this overlay and enable guest and secondary users on the device, use
 the <code>DEVICE_PACKAGE_OVERLAYS</code> feature of the Android build system to:</p>

 <ul>
   <li>Replace the value for <code>config_multiuserMaximumUsers</code> with one
     greater than 1</li>
   <li>Replace the value of <code>config_enableMultiUserUI</code> with:
   <code>true</code></li>
 </ul>

 <p>Device manufacturers may decide upon the maximum number of users. If device
 manufacturers or others have modified settings, they must ensure SMS and
 telephony work as defined in the
 <a href="{@docRoot}compatibility/android-cdd.pdf">Android Compatibility
 Definition Document</a> (CDD).</p>

 <h2 id=managing_users>Managing multiple users</h2>

 <p>Management of users and profiles (with the exception of restricted profiles)
 is performed by applications that programmatically invoke API in the
 <code>DevicePolicyManager</code> class to restrict use.</p>

 <p>Schools and enterprises may employ users and profiles to manage the lifetime
 and scope of apps and data on devices, using the types outlined above in
 conjunction with the
 <a href="http://developer.android.com/reference/android/os/UserManager.html">UserManager
 API</a> to build unique solutions tailored to their use cases.</p>


 <h2 id=effects>Multi-user system behavior</h2>

 <p>When users are added to a device, some functionality is curtailed when
 another user is in the foreground. Since app data is separated by user, the
 state of those apps differs by user. For example, email destined for an account
 of a user not currently in focus won’t be available until that user and account
 are active on the device.</p>

 <p>By default, only the primary user has full access to phone calls and texts.
 The secondary user may receive inbound calls but cannot send or receive texts.
 The primary user must enable these functions for others.</p>

 <p class="note"><strong>Note</strong>: To enable or disable the phone and SMS
 functions for a secondary user, go to <em>Settings > Users</em>, select the
 user, and switch the <em>Allow phone calls and SMS</em> setting to off.</p>

 <p>Some restrictions exist when a secondary user is in background. For instance,
 the background secondary user cannot display the user interface or make
 Bluetooth services active. In addition, the system process will halt background
 secondary users if the device needs additional memory for operations in the
 foreground user.</p>

 <p>When employing multiple users on an Android device, keep the following
 behavior in mind:</p>

 <ul>
   <li>Notifications appear for all accounts of a single user at once.</li>
   <li>Notifications for other users do not appear until active.</li>
   <li>Each user gets a workspace to install and place apps.</li>
   <li>No user has access to the app data of another user.</li>
   <li>Any user can affect the installed apps for all users.</li>
   <li>The primary user can remove apps or even the entire workspace established
   by secondary users.</li>
 </ul>

 <p>Android 7.0 includes several enhancements, including:</p>

 <ul>
   <li><em>Toggle work profile</em>. Users can disable their managed profile
   (such as when not at work). This functionality is achieved by stopping the
   user; UserManagerService calls <code>ActivityManagerNative#stopUser()</code>.
   </li>
   <li><em>Always-on VPN</em>. VPN applications can now be set to always-on by
   the user, Device DPC, or Managed Profile DPC (applies only to Managed Profile
   applications). When enabled, applications cannot access the public network
   (access to network resources is stopped until the VPN has connected and
   connections can be routed over it). Devices that report
   <code>device_admin</code> must implement always-on VPN.</li>
 </ul>

 <p>For more details on Android 7.0 device administration features, refer to
 <a href="https://developer.android.com/preview/features/afw.html">Android
 for Work Updates</a>.</p>
	page.title=Supporting Multiple Users
	@jd:body

	<!--
	Copyright 2015 The Android Open Source Project

	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.
	You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->
	<div id="qv-wrapper">
	<div id="qv">
	<h2>In this document</h2>
	<ol id="auto-toc">
	</ol>
	</div>
	</div>

	<p>Android supports multiple users on a single Android device by separating user
	accounts and application data. For instance, parents may allow their children to
	use the family tablet, or a critical response team might share a mobile device
	for on-call duty.</p>

	<h2 id=definitions>Terminology</h2>
	<p>Android uses the following terms when describing Android users and accounts.</p>

	<h3 id=general_defs>General</h3>
	<p>Android device administration uses the following general terms.</p>

	<ul>
	<li><em>User</em>. Each user is intended to be used by a different physical
	person. Each user has distinct application data and some unique settings, as
	well as a user interface to explicitly switch between users. A user can run in
	the background when another user is active; the system manages shutting down
	users to conserve resources when appropriate. Secondary users can be created
	either directly via the primary user interface or from a
	<a href="https://developer.android.com/guide/topics/admin/device-admin.html">Device
	Administration</a> application.</li>
	<li><em>Account</em>. Accounts are contained within a user but are not defined
	by a user, nor is a user defined by or linked to any given account. Users and
	profiles contain their own unique accounts but are not required to have
	accounts to be functional. The list of accounts differs by user. For details,
	refer to the
	<a href="https://developer.android.com/reference/android/accounts/Account.html">Account
	class</a> definition.</li>
	<li><em>Profile</em>. A profile has separated app data but shares some
	system-wide settings (for example, Wi-Fi and Bluetooth). A profile is a subset
	of and tied to the existence of a user. A user can have multiple profiles.
	They are created through a
	<a href="https://developer.android.com/guide/topics/admin/device-admin.html">Device
	Administration</a> application. A profile always has an immutable association
	to a parent user, defined by the user that created the profile. Profiles do not live beyond the lifetime of the creating user.</li>
	<li><em>App</em>. An application’s data exists within each associated user.
	App data is sandboxed from other applications within the same user. Apps
	within the same user can interact with each other via IPC. For details, refer
	to <a href="https://developer.android.com/training/enterprise/index.html">Building
	Apps for Work</a>.</li>
	</ul>

	<h3 id=user_types>User types</h3>
	<p>Android device administration uses the following user types.</p>

	<ul>
	<li><em>Primary</em>. First user added to a device. The primary user
	cannot be removed except by factory reset and is always running even when
	other users are in the foreground. This user also has special privileges and
	settings only it can set.</li>
	<li><em>Secondary</em>. Any user added to the device other than the primary
	user. Secondary users can be removed (either by themselves or by the primary
	user) and cannot impact other users on a device. These users can run in the
	background and continue to have network connectivity.</li>
	<li><em>Guest</em>. Temporary secondary user. Guest users have an explicit
	option to quick delete the guest user when its usefulness is over. There can
	be only one guest user at a time.</li>
	</ul>

	<h3 id=profile_types>Profile types</h3>
	<p>Android device administration uses the following profile types.</p>

	<ul>
	<li><em>Managed</em>. Created by an application to contain work data
	and apps. They are managed exclusively by the profile owner (the app that
	created the corp profile). Launcher, notifications, and recent tasks are
	shared by the primary user and the corp profile.</li>
	<li><em>Restricted</em>. Uses accounts based off the primary user, who can
	control what apps are available on the restricted profile. Available only on
	tablets.</li>
	</ul>

	<h2 id=applying_the_overlay>Enabling multi-user</h2>

	<p>As of Android 5.0, the multi-user feature is disabled by default. To
	enable it, device manufacturers must define a resource overlay that replaces
	the following values in <code>frameworks/base/core/res/res/values/config.xml</code>:
	</p>

	<pre><!-- Maximum number of supported users -->
	<integer name="config_multiuserMaximumUsers">1</integer>
	<!-- Whether Multiuser UI should be shown -->
	<bool name="config_enableMultiUserUI">false</bool>
	</pre>

	<p>To apply this overlay and enable guest and secondary users on the device, use
	the <code>DEVICE_PACKAGE_OVERLAYS</code> feature of the Android build system to:</p>

	<ul>
	<li>Replace the value for <code>config_multiuserMaximumUsers</code> with one
	greater than 1</li>
	<li>Replace the value of <code>config_enableMultiUserUI</code> with:
	<code>true</code></li>
	</ul>

	<p>Device manufacturers may decide upon the maximum number of users. If device
	manufacturers or others have modified settings, they must ensure SMS and
	telephony work as defined in the
	<a href="{@docRoot}compatibility/android-cdd.pdf">Android Compatibility
	Definition Document</a> (CDD).</p>

	<h2 id=managing_users>Managing multiple users</h2>

	<p>Management of users and profiles (with the exception of restricted profiles)
	is performed by applications that programmatically invoke API in the
	<code>DevicePolicyManager</code> class to restrict use.</p>

	<p>Schools and enterprises may employ users and profiles to manage the lifetime
	and scope of apps and data on devices, using the types outlined above in
	conjunction with the
	<a href="http://developer.android.com/reference/android/os/UserManager.html">UserManager
	API</a> to build unique solutions tailored to their use cases.</p>


	<h2 id=effects>Multi-user system behavior</h2>

	<p>When users are added to a device, some functionality is curtailed when
	another user is in the foreground. Since app data is separated by user, the
	state of those apps differs by user. For example, email destined for an account
	of a user not currently in focus won’t be available until that user and account
	are active on the device.</p>

	<p>By default, only the primary user has full access to phone calls and texts.
	The secondary user may receive inbound calls but cannot send or receive texts.
	The primary user must enable these functions for others.</p>

	<p class="note"><strong>Note</strong>: To enable or disable the phone and SMS
	functions for a secondary user, go to <em>Settings > Users</em>, select the
	user, and switch the <em>Allow phone calls and SMS</em> setting to off.</p>

	<p>Some restrictions exist when a secondary user is in background. For instance,
	the background secondary user cannot display the user interface or make
	Bluetooth services active. In addition, the system process will halt background
	secondary users if the device needs additional memory for operations in the
	foreground user.</p>

	<p>When employing multiple users on an Android device, keep the following
	behavior in mind:</p>

	<ul>
	<li>Notifications appear for all accounts of a single user at once.</li>
	<li>Notifications for other users do not appear until active.</li>
	<li>Each user gets a workspace to install and place apps.</li>
	<li>No user has access to the app data of another user.</li>
	<li>Any user can affect the installed apps for all users.</li>
	<li>The primary user can remove apps or even the entire workspace established
	by secondary users.</li>
	</ul>

	<p>Android 7.0 includes several enhancements, including:</p>

	<ul>
	<li><em>Toggle work profile</em>. Users can disable their managed profile
	(such as when not at work). This functionality is achieved by stopping the
	user; UserManagerService calls <code>ActivityManagerNative#stopUser()</code>.
	</li>
	<li><em>Always-on VPN</em>. VPN applications can now be set to always-on by
	the user, Device DPC, or Managed Profile DPC (applies only to Managed Profile
	applications). When enabled, applications cannot access the public network
	(access to network resources is stopped until the VPN has connected and
	connections can be routed over it). Devices that report
	<code>device_admin</code> must implement always-on VPN.</li>
	</ul>

	<p>For more details on Android 7.0 device administration features, refer to
	<a href="https://developer.android.com/preview/features/afw.html">Android
	for Work Updates</a>.</p>