Requesting permissions for content apps
This topic describes the different levels of permissions that you can request for a content app.
Last modified: February 27, 2014
Applies to: Access app for SharePoint | Excel 2013 | Excel 2013 SP1 | Excel Online
Office.js: v1.0, v1.1
Apps for Office manifests schema: v1.0, v1.1
A 4-level permissions model provides the basis for privacy and security for users of content apps. Figure 1 shows the 4 levels of permissions and describes the capabilities offered to the developer by each level.
These permissions control the subset of API that may be available to the content app at runtime. You can request a level of permission for a content app by using the Permissions element in the app manifest. The following example requests the ReadDocument permission.
As a best practice, you should always request permissions based on the principle of minimal privilege.
Enabled subset of API
The Settings object. This is the minimum permission that can be requested by a content app.
The Settings object, and API members to read the document, manage bindings, and subscribe to events. Includes the Restricted permission.
The Settings object, and Document.setSelectedDataAsync method to write to the document. Includes the Restricted permission.
The Settings object, all API to read and write the document, manage bindings, and subscribe to events. Includes all content app permissions.