We are running SharePoint Server 2016 and have developed a SharePoint-hosted app. The app reads lists from the current site collection and it uses the search engine to do so. The problem is that very high permissions are required to install the app, and I cannot understand why.
I have two questions:
1) When a site collection administrator tries to install our app to a site collection, the following error message is displayed:
"Your tenant administrator has to approve this app. Request Approval."
How can I let users install our app without approval? We don't want to approve every app.
2) Currently, I can only install the app if I am also a Local Administrator in Windows on the Web Front-End server. Why is this required?
The only permissions that are listed on the "Do you trust this app?" page are the following:
• Let it read items in this site collection.
• Let it access basic information about the users of this site.
• Allow this app to execute search queries on your behalf, ignoring the app's permissions on result items.
From the AppManifest.xml:
Very grateful for any help!