Office 365 / SharePoint Online – Sorry, only tenant administrators can add or give access to this app.

by · Published · Updated

Hi All,

Today, new issue(my mistake) and learning 😊

Background: I was working on SharePoint online project. We were writing one console application which connects the Office 365 / SharePoint Online on be half of app. That means we were accessing SharePoint Online using an application context (app-only).

Our add-in requiring tenant admin permissions. We have registered our add-in using appregnew.aspx page

URL: https://[tenant].sharepoint.com/_layouts/15/appregnew.aspx

We have generated new client id and client secret. Now we went to appinv.aspx (_layouts/15/appinv.aspx) page, perform the look up for app id generated on appregnew.aspx page and provide following permission as

<AppPermissionRequests AllowAppOnlyPolicy=”true”> <AppPermissionRequest Scope=”http://sharepoint/content/tenant” Right=”FullControl” />

</AppPermissionRequests>

On Create button click, we get an error “Sorry, only tenant administrators can add or give access to this app.” as

Untitled

Figure 1: Office 365 – Assigning permissions to app – appinv.aspx page

What we tried: I was doing these steps with Global Administrator permissions. So really wondering what is the issue? Googled bit but no luck ☹

Then I changed the permissions rather than on permissions for Tenant, I have given permissions for SiteCollection as

<AppPermissionRequests AllowAppOnlyPolicy=”true”> <AppPermissionRequest Scope=”http://sharepoint/content/SiteCollection” Right=”FullControl” />

</AppPermissionRequests> and this worked like wonder.

Solution: As permissions for SiteCollection level working, I was really wondering what is the missing. After some time, I realize that I was trying to give tenant level permissions from my SharePoint site collection and not from admin site. As I generated the add-in id and client secret from my SharePoint site collection, there only I was trying give the tenant level permission.

So, we need to give tenant admin level permission from tenant admin site only as

https://[tenant]-admin.sharepoint.com/_layouts/15/appinv.aspx

But I think error is misleading since even Global Administrator trying to give the permissions and there is no tenant administrator right for Office 365, we have Global Administrator and then other administrators.

 

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more. If you have any suggestion / feedback / doubt, you are most welcome.

Stay tuned on Knowledge-Junction, will come up with more such articles.

Tags:

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.

You may also like...

1 Response

  1. dick says:
    November 27, 2018 at 3:05 pm

    Thank you very helpful.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: