SharePoint Server: Permissions required to install a SharePoint-hosted app?

Question

We are running SharePoint Server 2016 and have developed a SharePoint-hosted app. The app reads lists from the current site collection and it uses the search engine to do so. The problem is that very high permissions are required to install the app, and I cannot understand why.

I have two questions:

1) When a site collection administrator tries to install our app to a site collection, the following error message is displayed:
"Your tenant administrator has to approve this app. Request Approval."

How can I let users install our app without approval? We don't want to approve every app.

2) Currently, I can only install the app if I am also a Local Administrator in Windows on the Web Front-End server. Why is this required?

The only permissions that are listed on the "Do you trust this app?" page are the following:
• Let it read items in this site collection.
• Let it access basic information about the users of this site.
• Allow this app to execute search queries on your behalf, ignoring the app's permissions on result items.

From the AppManifest.xml:

Very grateful for any help!

Answer 1

Hi @Green Arrow ,

According to my research and testing, I found that "When the app requires organization-level permissions, the requestor will need approval from a Microsoft 365 admin to continue with the installation."

More information for reference: https://learn.microsoft.com/en-us/sharepoint/request-app-installation-permissions

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

---