The current Manage and install apps and channels staff permission bundles together capabilities that should be separable. In particular, the ability to approve updated app access requests is tied to the same permission that allows deleting apps outright.
The operational problem
When an installed app updates its required scopes, someone with sufficient permissions has to approve the new access in the admin. This is a routine, low-risk action that staff frequently need to handle so the business isn’t bottlenecked on the store owner.
However, the only way to grant a staff member the ability to approve those updates today is to also grant them Manage and install apps and channels — which simultaneously gives them the ability to uninstall any app on the store. For a store running dozens or hundreds of apps tied to fulfillment, accounting, POS, marketing, and inventory, that is a significant blast radius for what should be a routine approval.
The two existing related permissions don’t solve this:
-
Approve app charges— only covers billing approvals, not scope/access updates. -
Limiting a role to specific apps and sales channels — disables install/delete entirely, but also disables the ability to approve updates.
Proposed change
Break Manage and install apps and channels into discrete permissions, for example:
-
Install apps — add new apps to the store
-
Approve app updates / scope changes — approve updated access requests on already-installed apps
-
Delete apps — uninstall apps and sales channels
-
Approve app charges — (already exists, keep as-is)
This would let merchants delegate the day-to-day work of keeping apps up to date without also delegating destructive uninstall capability. It’s the standard least-privilege model that most other parts of the Shopify permissions system already follow.
Use case
Multi-location retail/wholesale/DTC store running numerous installed apps. We want trusted staff and managers to be able to keep things moving when an app issues a scope update, but uninstalls should remain restricted to the store owner and a very small number of admins.