Access levels are an additional layer of Graph API authorization that apply to Business apps. In order for a Business app to be able to request a permission from an app user, or for a feature to be active for an app user, the permission or feature must first be approved for either Standard access or Advanced access.
Business apps are automatically approved for Standard access for all permissions and features available to the Business app type.
Permissions approved for Standard access can be requested from any app user who has a role on the app or a role in a Business that has claimed the app. Similarly, features approved for Standard access are only active for app users who have a role on the app or Business. This effectively restricts Business apps to only accessing data owned by app users who have a role on the app or Business.
This has several advantages:
Advanced access must be approved through the App Review process on an individual permission and feature basis.
Permissions approved for Advanced access can be requested from any app user, regardless of whether or not they have a role on the app or in a Business that has claimed the app. Likewise, features approved for Advanced access are active for any app user, even if they have no role on the app or Business.
For example, any app that allows other Businesses to access their own data will need Advanced access for individual permissions and features before those permissions and features can be granted by, or will be active for, people in those Businesses.
If you want to signify that your app does not need a specific permission or feature, you can remove it by clicking the trash can icon alongside the permission or feature in the App Review > Permissions and Features panel. You can restore access to a removed permission or feature by searching for it again in the same panel and clicking its Get Standard Access button or Get Advanced Access button. Restoring Advanced access to previously approved permssions or features does not require re-review.
All permissions and featuers can be removed except for public_profile.
App administrators can change access levels for individual permissions and features. Restoring Advanced access to permissions and features does not require re-review, but changing from Advanced to Standard will invalidate/deactivate any permission/feature for any app users who do not have a role on your app or in your Business.
We are gradually releasing the ability to change access levels for the email and public_profile permissions so you may not have this option immediately. Please note that setting the public_profile permission from Advanced access to Standard access will prevent Facebook Login from loading for app users who do not have a role on your app or in your Business, so change it with caution.
All business type apps created after February 16, 2021 will automatically be granted Standard Access to the
All business type apps created before February 16, 2021 will automatically be granted Advanced Access to the
public_profile permissions. Apps that are not using the
public_profile permissions will be downgraded to Standard Access for these two permissions.
Business type apps can upgrade to Advanced Access for the
public_profile permissions without going through App Review.
Apps in Development mode can only request permissions from app users who have a role on the app or in a Business that has claimed the app. This is the same as Standard access. Apps in Live mode can request permissions from anyone, but only if the permissions have been approved through App Review. This is the same as Advanced access. Features, which cannot be requested from app users but which are instead active/inactive for app users, behave the same way.
Switching between modes can cause challenges during testing. For example, switching to Live mode could mean that anyone helping develop an app would no longer be able to grant the app unapproved permissions. Also, the only way to test a new, unapproved permission is to switch an app back to Development mode, breaking it for non-role app users, or to create a new child Test App specifically for testing the new permission. Removing modes solves both of these problems.
Yes, an app can have different Access Levels for every Permission and Feature available to the app. For example, Standard Access for
ads_read and Advanced Access for