diff --git a/authz/authz.go b/authz/authz.go
index 750ba435..3a2ec5aa 100644
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -121,6 +121,10 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 		panic(err)
 	}
 
+	if subOwner == "app" {
+		return true
+	}
+
 	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
 		return true
 	}