diff --git a/frameworks/common/include/permission_policy.h b/frameworks/common/include/permission_policy.h
index 34fc2a5ea2750b7d32117455a758912c7ef9e558..4014ae6b9745bafe26120190c6985977e4bea39f 100644
--- a/frameworks/common/include/permission_policy.h
+++ b/frameworks/common/include/permission_policy.h
@@ -125,6 +125,10 @@ public:
     std::string ownerAccount_;
     std::string ownerAccountId_;
     DlpAccountType ownerAccountType_;
+    std::string accountName_ = "";
+    std::string acountId_ = "";
+    DlpAccountType acountType_ = INVALID_ACCOUNT;
+    DLPFileAccess perm_ = NO_PERMISSION;
     std::vector<AuthUserInfo> authUsers_;
     bool supportEveryone_ = false;
     DLPFileAccess everyonePerm_ = NO_PERMISSION;
diff --git a/frameworks/dlp_permission/include/dlp_policy_parcel.h b/frameworks/dlp_permission/include/dlp_policy_parcel.h
index a3aaedbec96f2948f47a96c46b64abce95fe3d64..d3f799826b94e48d07a7afe05834871438674e20 100644
--- a/frameworks/dlp_permission/include/dlp_policy_parcel.h
+++ b/frameworks/dlp_permission/include/dlp_policy_parcel.h
@@ -31,6 +31,7 @@ struct DlpPolicyParcel final : public Parcelable {
     PermissionPolicy policyParams_;
 
 private:
+    void MarshallingAccountInfo(Parcel& out) const;
     void MarshallingExpireTime(Parcel& out) const;
     void MarshallingKey(Parcel& out) const;
 };
diff --git a/frameworks/dlp_permission/src/dlp_policy_parcel.cpp b/frameworks/dlp_permission/src/dlp_policy_parcel.cpp
index 5e02f31532e7e362b96188222f38398c6032d9ee..be403dbefc247ee9972d4b08752cbdb230b154f0 100644
--- a/frameworks/dlp_permission/src/dlp_policy_parcel.cpp
+++ b/frameworks/dlp_permission/src/dlp_policy_parcel.cpp
@@ -51,6 +51,23 @@ bool DlpPolicyParcel::Marshalling(Parcel& out) const
     if (!(out.WriteUint8(this->policyParams_.everyonePerm_))) {
         DLP_LOG_ERROR(LABEL, "Write everyonePerm_ fail");
     }
+    MarshallingAccountInfo(out);
+    if (!(out.WriteUint8(this->policyParams_.perm_))) {
+        DLP_LOG_ERROR(LABEL, "Write perm fail");
+    }
+    MarshallingKey(out);
+    MarshallingExpireTime(out);
+    if (!(out.WriteUint32(this->policyParams_.dlpVersion_))) {
+        DLP_LOG_ERROR(LABEL, "Write dlpVersion_ fail");
+    }
+    if (!(out.WriteBool(this->policyParams_.debug_))) {
+        DLP_LOG_ERROR(LABEL, "Write debug_ fail");
+    }
+    return true;
+}
+
+void DlpPolicyParcel::MarshallingAccountInfo(Parcel& out) const
+{
     if (!(out.WriteString(this->policyParams_.ownerAccount_))) {
         DLP_LOG_ERROR(LABEL, "Write owner account fail");
     }
@@ -60,16 +77,15 @@ bool DlpPolicyParcel::Marshalling(Parcel& out) const
     if (!(out.WriteUint8(this->policyParams_.ownerAccountType_))) {
         DLP_LOG_ERROR(LABEL, "Write owner account type fail");
     }
-
-    MarshallingKey(out);
-    MarshallingExpireTime(out);
-    if (!(out.WriteUint32(this->policyParams_.dlpVersion_))) {
-        DLP_LOG_ERROR(LABEL, "Write dlpVersion_ fail");
+    if (!(out.WriteString(this->policyParams_.accountName_))) {
+        DLP_LOG_ERROR(LABEL, "Write accountName fail");
     }
-    if (!(out.WriteBool(this->policyParams_.debug_))) {
-        DLP_LOG_ERROR(LABEL, "Write debug_ fail");
+    if (!(out.WriteString(this->policyParams_.acountId_))) {
+        DLP_LOG_ERROR(LABEL, "Write accountId fail");
+    }
+    if (!(out.WriteUint8(this->policyParams_.acountType_))) {
+        DLP_LOG_ERROR(LABEL, "Write accountType fail");
     }
-    return true;
 }
 
 void DlpPolicyParcel::MarshallingKey(Parcel& out) const
@@ -180,6 +196,39 @@ static bool ReadAesParam(PermissionPolicy& policy, Parcel& in)
     return true;
 }
 
+static bool ReadAccountInfo(PermissionPolicy& policy, Parcel& in)
+{
+    if (!(in.ReadString(policy.ownerAccount_))) {
+        DLP_LOG_ERROR(LABEL, "Read owner account fail");
+        return false;
+    }
+    if (!(in.ReadString(policy.ownerAccountId_))) {
+        DLP_LOG_ERROR(LABEL, "Read owner accountId fail");
+        return false;
+    }
+    uint8_t res = 0;
+    if (!(in.ReadUint8(res))) {
+        DLP_LOG_ERROR(LABEL, "Read owner account type fail");
+        return false;
+    }
+    policy.ownerAccountType_ = static_cast<DlpAccountType>(res);
+    if (!(in.ReadString(policy.accountName_))) {
+        DLP_LOG_ERROR(LABEL, "Read accountName fail");
+        return false;
+    }
+    if (!(in.ReadString(policy.acountId_))) {
+        DLP_LOG_ERROR(LABEL, "Read accountId fail");
+        return false;
+    }
+    uint8_t type = 0;
+    if (!(in.ReadUint8(type))) {
+        DLP_LOG_ERROR(LABEL, "Read account type fail");
+        return false;
+    }
+    policy.acountType_ = static_cast<DlpAccountType>(type);
+    return true;
+}
+
 static bool ReadParcel(Parcel& in, DlpPolicyParcel* policyParcel)
 {
     uint32_t listSize;
@@ -203,26 +252,21 @@ static bool ReadParcel(Parcel& in, DlpPolicyParcel* policyParcel)
         DLP_LOG_ERROR(LABEL, "Write supportEveryone_ fail");
         return false;
     }
-    uint8_t perm;
-    if (!(in.ReadUint8(perm))) {
+    uint8_t everyonePerm;
+    if (!(in.ReadUint8(everyonePerm))) {
         DLP_LOG_ERROR(LABEL, "Write everyonePerm_ fail");
         return false;
     }
-    policyParcel->policyParams_.everyonePerm_ = static_cast<DLPFileAccess>(perm);
-    if (!(in.ReadString(policyParcel->policyParams_.ownerAccount_))) {
-        DLP_LOG_ERROR(LABEL, "Read owner account fail");
-        return false;
-    }
-    if (!(in.ReadString(policyParcel->policyParams_.ownerAccountId_))) {
-        DLP_LOG_ERROR(LABEL, "Read owner accountId fail");
+    policyParcel->policyParams_.everyonePerm_ = static_cast<DLPFileAccess>(everyonePerm);
+    if (!ReadAccountInfo(policyParcel->policyParams_, in)) {
         return false;
     }
-    uint8_t res = 0;
-    if (!(in.ReadUint8(res))) {
+    uint8_t perm = 0;
+    if (!(in.ReadUint8(perm))) {
         DLP_LOG_ERROR(LABEL, "Read owner account type fail");
         return false;
     }
-    policyParcel->policyParams_.ownerAccountType_ = static_cast<DlpAccountType>(res);
+    policyParcel->policyParams_.perm_ = static_cast<DLPFileAccess>(perm);
     return ReadAesParam(policyParcel->policyParams_, in);
 }
 
diff --git a/interfaces/inner_api/dlp_parse/src/dlp_file.cpp b/interfaces/inner_api/dlp_parse/src/dlp_file.cpp
index 04d689ba312c128daff2911c4771b5004cde7a93..dbe00cfc29eb59e30453bf7e7bb3ee2a173b4ad7 100755
--- a/interfaces/inner_api/dlp_parse/src/dlp_file.cpp
+++ b/interfaces/inner_api/dlp_parse/src/dlp_file.cpp
@@ -241,6 +241,11 @@ int32_t DlpFile::GetDomainAccountName(std::string& account) const
 
 bool DlpFile::UpdateDlpFilePermission()
 {
+    if (!policy_.accountName_.empty()) {
+        DLP_LOG_INFO(LABEL, "AccountName_ is not empty, perm is  %{public}d", policy_.perm_);
+        authPerm_ = policy_.perm_;
+        return true;
+    }
     std::string accountName;
     if (policy_.ownerAccountType_ == DOMAIN_ACCOUNT) {
         if (GetDomainAccountName(accountName) != DLP_OK) {
diff --git a/services/dlp_permission/sa/mock/dlp_credential_client_defines.h b/services/dlp_permission/sa/mock/dlp_credential_client_defines.h
index 5ced13934b7b8792e82b04b163dc6df7e14b4b90..74cf58a5d72e76caf70c1c9c604bfe87d7865a01 100644
--- a/services/dlp_permission/sa/mock/dlp_credential_client_defines.h
+++ b/services/dlp_permission/sa/mock/dlp_credential_client_defines.h
@@ -26,6 +26,11 @@ typedef enum {
     APPLICATION_ACCOUNT,
 } AccountType;
 
+typedef enum {
+    READ_ONLY = 1,
+    USE_PERM_IN_POLICY,
+}OpenMode;
+
 typedef enum {
     RECEIVER_DECRYPT_MUST_USE_CLOUD_AND_RETURN_ENCRYPTION_VALUE = 0,
     RECEIVER_DECRYPT_MUST_USE_CLOUD = 1,
diff --git a/services/dlp_permission/sa/sa_common/dlp_permission_serializer.cpp b/services/dlp_permission/sa/sa_common/dlp_permission_serializer.cpp
index c1924c3aeef4581666f73d5242fb81b98b46f522..a04e999d7e78cc09701b3edf4dff70bbce3f5692 100644
--- a/services/dlp_permission/sa/sa_common/dlp_permission_serializer.cpp
+++ b/services/dlp_permission/sa/sa_common/dlp_permission_serializer.cpp
@@ -60,6 +60,9 @@ const std::string ENC_POLICY = "encPolicy";
 const std::string OFFLINE_CERT = "offlineCert";
 const std::string ACCOUNT_TYPE = "accountType";
 const std::string RECEIVER_ACCOUNT_INFO = "receiverAccountInfo";
+const std::string OPEN_MODE = "openMode";
+const std::string ACCOUNT_NAME = "accountName";
+const std::string ACCOUNT_ID = "accountId";
 constexpr uint64_t  VALID_TIME_STAMP = 2147483647;
 
 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
@@ -396,6 +399,18 @@ static void InitPermissionPolicy(PermissionPolicy& policy, const std::vector<Aut
     if (policyJson.find(DLP_FILE_DEBUG_FLAG) != policyJson.end() && policyJson.at(DLP_FILE_DEBUG_FLAG).is_boolean()) {
         policyJson.at(DLP_FILE_DEBUG_FLAG).get_to(policy.debug_);
     }
+    if (policyJson.find(OPEN_MODE) != policyJson.end() && policyJson.at(DLP_FILE_DEBUG_FLAG).is_number()) {
+        policy.perm_ = READ_ONLY;
+    }
+    if (policyJson.find(ACCOUNT_TYPE) != policyJson.end() && policyJson.at(ACCOUNT_TYPE).is_number()) {
+        policyJson.at(ACCOUNT_TYPE).get_to(policy.acountType_);
+    }
+    if (policyJson.find(ACCOUNT_NAME) != policyJson.end() && policyJson.at(ACCOUNT_NAME).is_string()) {
+        policyJson.at(ACCOUNT_NAME).get_to(policy.accountName_);
+    }
+    if (policyJson.find(ACCOUNT_ID) != policyJson.end() && policyJson.at(ACCOUNT_ID).is_string()) {
+        policyJson.at(ACCOUNT_ID).get_to(policy.acountId_);
+    }
     policy.ownerAccountType_ = CLOUD_ACCOUNT;
 }
 
diff --git a/services/dlp_permission/sa/sa_main/dlp_credential.cpp b/services/dlp_permission/sa/sa_main/dlp_credential.cpp
index 99b12b9869b0c9b4b11384dbb9eb1676de51803a..064ed356c0269d86689efef4c46d626b895d9259 100644
--- a/services/dlp_permission/sa/sa_main/dlp_credential.cpp
+++ b/services/dlp_permission/sa/sa_main/dlp_credential.cpp
@@ -491,7 +491,11 @@ static int32_t GetAccoutInfo(DlpAccountType accountType, AccountInfo& accountCfg
     if (accountType == DOMAIN_ACCOUNT) {
         if (GetDomainAccountName(account, contactAccount, isOwner) != DLP_OK) {
             DLP_LOG_ERROR(LABEL, "query GetDomainAccountName failed");
-            return DLP_PARSE_ERROR_ACCOUNT_INVALID;
+            accountCfg = {
+                .accountId = nullptr,
+                .accountIdLen = 0,
+            };
+            return DLP_OK;
         }
     } else {
         if (GetLocalAccountName(account, contactAccount, isOwner) != DLP_OK) {
diff --git a/test/fuzztest/dlp_permission/fuzzer/dlpfile_fuzzer/dlpfile_fuzzer.cpp b/test/fuzztest/dlp_permission/fuzzer/dlpfile_fuzzer/dlpfile_fuzzer.cpp
index 81fb9fc669e59a420f2739f3cc1ead25e67bc2e2..fa01494ede301f4dee5b008fc07a33c362ba9287 100644
--- a/test/fuzztest/dlp_permission/fuzzer/dlpfile_fuzzer/dlpfile_fuzzer.cpp
+++ b/test/fuzztest/dlp_permission/fuzzer/dlpfile_fuzzer/dlpfile_fuzzer.cpp
@@ -105,7 +105,7 @@ static void GenerateRandProperty(struct DlpProperty& encProp, const uint8_t* dat
     for (uint32_t user = 0; user < TEST_USER_COUNT; ++user) {
         std::string accountName = account + std::to_string(user);
         AuthUserInfo perminfo = {.authAccount = strdup(const_cast<char *>(accountName.c_str())),
-            .authPerm = READ_ONLY,
+            .authPerm = DLPFileAccess::READ_ONLY,
             .permExpiryTime = curTime + EXPIRT_TIME,
             .authAccountType = DlpAccountType::CLOUD_ACCOUNT};
         encProp.authUsers.emplace_back(perminfo);