HOTSPOTA company uses SharePoint for project organization and collaboration with contractors. Contractors can
download each of the following SharePoint apps:

The apps have the following requirements:
The purchase request app must approve all purchases without user authentication.
The contractor information app must display only information the current user is authorized to view.
You need to configure authorization for the apps.
Which authorization types should you use? To answer, select the appropriate authorization type in each list in
the answer area.
Hot Area:

Answer:

Explanation:
* App-only policy—When the app-only policy is used, SharePoint checks only the permissions of the app
principal. Authorization check succeeds only if the current app has sufficient permissions to perform the action
in question, regardless of the permissions of the current user (if any).
* User+app policy—When the user+app policy is used, SharePoint checks the permissions of both the user and
the app principal. Authorization checks succeed only if both the current user and the app have permissions to
perform the action in question.
Incorrect:
User-only policy— When the user-only policy is used, SharePoint checks only the permissions for the user.
SharePoint uses his policy is enforced is when the user is accessing resources directly without using an app.
(This policy was always used in SharePoint 2010.)
App authorization policy types in SharePoint 2013
https://msdn.microsoft.com/en-us/library/office/fp179892.aspx