Request Run-time Privileges
Vega defines a group of privileges to limit access to security- and privacy-sensitive features, such as access to the camera or microphone. Access to such privileges is granted at run-time, and users may choose to deny access.
Apps are designed with the principle of least privilege
Apps should only use the privileges they need, and request them at the time of accessing a privileged API. Apps must handle denials, and should provide a graceful fallback experience to users.
Privileges
There are two types of privileges in Vega:
- Install-time privileges: These are recorded when the app is installed and automatically granted when the app requests them.
- Run-time privileges: These are granted interactively by the user while the app is running, and might be denied. If the user denies the privilege request, the app should still function normally, perhaps with limited capabilities.
Declare privilege intent in the app manifest
Apps declare the privileges they require in the app's manifest.toml file, as a [[needs.privilege]] or [[wants.privilege]] section. Consult the Vega App Manifest File documentation.
Request privileges
To request explicit consent from the user to access resources guarded by run-time privileges, an app must specify the privilege needed. For more information, see the Security Manager API.
Explain permission requests
App users are more likely to allow access to sensitive data if the app explains why it needs that access. It is recommended that an app display its own dialog before requesting privileges, explaining to the user how the app will use the privileges it is requesting. This also gives apps the ability to explain that only part of a privileged API will be accessed.
Gracefully degrade the app experience on denied privileges
If the user denies a privilege, the app gracefully degrades its experience. The app still functions, possibly while highlighting the sections of the app that can't function without the privilege. The app may also show a UI element that deep-links to the specific pane in the product's Settings app for changing the run-time privileges.
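The flow from the three sections above (explain, request, degrade on denial), as an added example that is not code from the Vega documentation. The `platform` adapter, its three methods and the `example.camera` id are hypothetical placeholders for the real Security Manager calls.

```javascript
// `platform` is a hypothetical adapter, not the Vega Security Manager API:
//   explain(privilege, reason) -> Promise<boolean>  app-owned rationale dialog
//   request(privilege)         -> Promise<boolean>  system consent prompt
//   openPrivilegeSettings()    -> void              deep link to the Settings pane
async function withPrivilege(platform, privilege, reason, feature, fallback) {
  // Called at the moment the privileged API is needed, not at app start.
  const proceed = await platform.explain(privilege, reason);
  if (!proceed) {
    // User backed out of the app's own dialog: no system prompt is shown.
    return { status: 'declined', value: fallback() };
  }
  // Fail closed: anything other than an explicit `true`, including a
  // rejected request, is treated as a denial.
  const granted = await platform.request(privilege).then((ok) => ok === true, () => false);
  if (!granted) {
    return {
      status: 'denied',
      value: fallback(), // the app keeps working with limited capability
      // Bound to a UI element the user can choose; never opened automatically.
      openSettings: () => platform.openPrivilegeSettings(),
    };
  }
  return { status: 'granted', value: await feature() };
}

// Constructed stand-in for a device so the flow runs offline.
// `grant` is true, false, or 'error' (the request itself fails).
function fakePlatform({ accept, grant }) {
  const calls = [];
  return {
    calls,
    explain: async (p) => { calls.push('explain:' + p); return accept; },
    request: async (p) => {
      calls.push('request:' + p);
      if (grant === 'error') throw new Error('request failed');
      return grant;
    },
    openPrivilegeSettings: () => { calls.push('settings'); },
  };
}

// 'example.camera' is a constructed placeholder, not a real Vega privilege id.
async function demo(accept, grant) {
  const platform = fakePlatform({ accept, grant });
  const result = await withPrivilege(platform, 'example.camera',
    'Scan a QR code to pair this device', async () => 'scanned', () => 'manual entry');
  return { status: result.status, value: result.value, calls: platform.calls };
}
demo(true, false).then((r) => console.log(r.status, r.value, r.calls));
```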
Handling changes to privilege state
The user can change their consent for a privilege at any time. If the user chooses to deny a privilege that they previously allowed, then the system will terminate the app that privilege applies to. This prevents the app from continuing to use an API it already had access to when the decision was changed.
Last updated: Sep 30, 2025