App Permission and App Management in SharePoint Online Apps

Sriram Varadarajan
Enterprise Architect
Published On :   23 Apr 2017
Visit Count
Today :  2    Total :   2684
Plan, Migrate, Secure, Report
SharePoint & Office 365 Tool. Simple & Easy to Use. 15-Day Trial!

Sharegate: Kick-Ass Tool
Think Your SharePoint & Office 365 Are Secure ? Find Out Now!

In this article we can have a look at different options available in Office 365 to manage SharePoint Online APPS and 0365 APPS with different privileges.

Manage App Permission (Security & Compliance)

Microsoft newly added this module under security and compliance (which is in PROTECTION.OFFICE.COM), this feature help us to manage the APPs which consume/use information from Office 365.

App permissions help you decide which apps you allow your users access to, and which ones you want to ban.

Note: Business users can consume third party APPs in Office 365 only if the integrated APPS setting is turned on in your tenant.


We might end up seeing 2 different APP under Manager Permission Module

1. An organization’s Azure AD administrator configures the app and assigns it to individual users or to the entire organization, and these app will show up in the manager permission portal

2. Develop an app that registers in a user’s Azure AD without admin assignment, by allowing users to sign on with their Office 365 credentials.

Note: Not every APP is displayed under APP launcher, to know how Apps are displayed under the APP launcher for every user, please refer this link.

SharePoint App Permission (SharePoint Admin Center)

Users either from APP-catalog or from the office stores based on the configuration made, they can install custom apps and third party apps in their SharePoint tenant that depends on user requirement.

ADMIN will get to see all the SharePoint APPS which is installed with tenant scope and can still restrict the APP that can be consumed by the business user.

This module is under SharePoint Admin Center => Apps => App Permissions.

Note: Any app with site collection/web/list scope are listed under Site settings => Site app permission page.

Admin can remove app permissions from SharePoint app permission page. After removing the app from app permission page, we can see the app in site contents page because it’s just the app permission which is revoked.

Note: Whenever a user installs a tenant scoped app in SharePoint site collection, it will create a new entry in SharePoint app permission page. If the user installs the same app in multiple site collections, duplicate app entries can be seen in SharePoint tenant app permission page with different app ids.

App permission request scopes



site collection






App Permissions Requests

1. Read-only

·         View Items

·         Open Items

·         View Versions

·         Create Alerts

·         Use Self-Service Site Creation

·         View Pages

2. Write

Read-Only permissions, plus:

·         Add Items

·         Edit Items

·         Delete Items

·         Delete Versions

·         Browse Directories

·         Edit Personal User Information

·         Manage Personal Views

·         Add/Remove Personal Web Parts

·         Update Personal Web Parts

3. Manage

Write permissions, plus:

·         Manage Lists

·         Add and Customize Pages

·         Apply Themes and Borders

·         Apply Style Sheets

4. Full control

All permissions

SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.

Migratiin Tools for SharePoint