Export (0) Print
Expand All

Requesting permissions for content apps

This topic describes the different levels of permissions that you can request for a content app.

Last modified: February 27, 2014

Applies to: Access app for SharePoint | Excel 2013 | Excel 2013 SP1 | Excel Online

   Office.js: v1.0, v1.1

   Apps for Office manifests schema: v1.0, v1.1

A 4-level permissions model provides the basis for privacy and security for users of content apps. Figure 1 shows the 4 levels of permissions and describes the capabilities offered to the developer by each level.

Figure 1. The 4-level permission model for content apps

Levels of permissions for content apps

These permissions control the subset of API that may be available to the content app at runtime. You can request a level of permission for a content app by using the Permissions element in the app manifest. The following example requests the ReadDocument permission.


As a best practice, you should always request permissions based on the principle of minimal privilege.

The following table describes the subset of the JavaScript API that is afforded by each level of permission.


Enabled subset of API


The Settings object. This is the minimum permission that can be requested by a content app.


The Settings object, and API members to read the document, manage bindings, and subscribe to events. Includes the Restricted permission.


The Settings object, and Document.setSelectedDataAsync method to write to the document. Includes the Restricted permission.


The Settings object, all API to read and write the document, manage bindings, and subscribe to events. Includes all content app permissions.

© 2014 Microsoft