Based on the link App permission requests for accessing social features, to access the user profile information, SharePoint app would
need to have read permission on "http://sharepoint/social/tenant". For us, we just need to get the
user picture and with that, our app requires the read permission on user profile. Now site collection administrator won't be able to install our app into his sites and only tenant administrator (for On Premise SharePoint, it means Farm Administrator)
could do so. Customers are complaining the permission requirements for our app is too high. It seems that this is an app design issue where it should relax the read access to user profile since those information is even accessible from SharePoint client API. Any thoughts or any suggestions to work around this restriction?
↧