User permissions allow the user to deny permission or to grant permission to a specific API. User permissions may require an explicit approval by the user. The user can either deny the permission or allow it. There are three interaction modes in which user permissions can be granted:
blanket/aAlways allowed
When the blanket/Always allowed interaction mode is used, the MIDlet suite acquires the permission as long as the suite is installed, unless explicitly revoked by the user.
session/ask first time only
The session/ask first time only mode requests the user authorization the first time the API is invoked and its validity is guaranteed while any of the MIDlets in the same suite are running.
oneshot/ask every time
oneshot/ask every time permissions request user approval every time the API is invoked. The protection domain determines which of the modes are available for each user permission as well as the default mode.
Choosing the appropriate user permission interaction modes should be based on the security policy and the device implementation. User permissions come with their own default interaction modes. The user SHOULD be presented with a choice of interaction modes. The user MUST always be able to deny permission.