Microsoft SharePoint

SharePoint Add-In: How to create & grant permissions in SharePoint?

In this article, we will be going through the step by step guide to create a SharePoint Add-In in SharePoint. Once it is created, we will also look how we can configure or grant the required permissions so that we can perform various actions using this SharePoint Add-In permission.


You must be having a SharePoint Site Collection Administrator access on the SharePoint Site Collection.

Note: This SharePoint App Only model works with SharePoint Online and SharePoint On-Premise (2013/2016/2019), so you can use any site collection.

Create SharePoint Add-In

Step 1: Go to the Site in your tenant and login.

Step 2: Open the new app registration page. To access the page, use below url:

[Site Collection URL]/_layouts/15/appregnew.aspx

This will open a page as mentioned in below screenshot:

AppRegNew.aspx page with empty form to register a SharePoint App
AppRegNew.aspx Page

Step 3: Click on the Generate button available next to Client ID and Client Secret text field to automatically generate the Client ID and Client Secret. Also, fill in the required details as requested in the form i.e. Title, App Domain and Redirect URI.

Client IdThis is the unique GUID of your SharePoint Add-In.
Client SecretThis is the unique secret which also acts like a unique key or password for your SharePoint Add-In.
TitleTitle of the SharePoint Add-In that will be visible to end users.
App DomainIn case of, provider hosted apps, this needs to be domain where your app is hosted. In other scenarios, it could be any valid domain name without http or https e.g.
Redirect URIThis will be the redirect URI of your app. However, if your app is not provider hosted app, you can use any valid url here. E.g.
List of fields used on the AppRegNew.aspx Page along with its description

Step 4: After generating/filling all the details in the form, click on the Create button. This will register the Add-In and navigate you to another page displaying the details as shown in below screenshot:

App details once registered in SharePoint
Details of the SharePoint Add-In

Important Note: Safeguard these details because using this combination of Client Id & Client Secret, anyone can read/write the data in your SharePoint site based on the permissions you grant to your app.

Grant Permission to SharePoint Add-In

Once it is created, it’s time to grant the required permissions to the Add-In. So that it can be utilized to perform various other actions. Let’s follow the below mentioned step to grant the permissions to a SharePoint Add-In.

Step 1: Navigate to the page [Site Collection URL]/_layouts/15/AppInv.aspx which will open a form as mentioned in the below screenshot.

AppInv.aspx page with empty form to grant permissions to App
AppInv.aspx page without any details in the form

Step 2: Enter the Client Id of your SharePoint Add-In in App Id field and click on the Lookup button. This will retrieve the information as shown in below screenshot:

AppInv.aspx page with App details filled in
AppInv.aspx Page with SharePoint Add-In details

Step 3: This is the key step in granting the permission. To grant the required permission to your SharePoint Add-In, you will first need to prepare the permission XML. Here, I will be using the below mentioned permission xml which will grant full control at site collection level,

<AppPermissionRequests AllowAppOnlyPolicy="true">
	<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
AppInv.aspx page with permission xml along with App Details
AppInv.aspx Page with required details including permission xml filled-in in the form

Tip: For more details about permission xml, you can refer to the official documentation from Microsoft at

Step 4: Click on Create button once details are filled in. It will take you another page to trust the application as shown in the below screenshot:

Trust the App while granting the permissions

Step 5: Click on Trust It button to complete the permission configuration. Before clicking on this button, you can re-verify the permissions that it will have.

Please feel free to share your feedback / suggestion / queries for this article in comment section below.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *