I have a SharePoint Add-in which has the following App Permissions defined in the AppManifest.xml.
<AppPermissionRequests AllowAppOnlyPolicy="false" >
<AppPermissionRequest Scope="http://sharepoint/taxonomy" Right="Write" />
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
</AppPermissionRequests>
To avoid the user needing "site collection administrator" permissions, the "AllowAppOnlyPolicy" is set to false.
The purpose of the app is creating a subsite under which all the needed info is stored. I am able to create the subsite without an issue, but from the moment I try to access lists in the subsite, I'm getting an "Access denied. You do not have permission to perform this action or access this resource." exception. Which I found quite surprising since I expected that if you have "Full Control" on a site, you would also have access to the subsites.
Is there a way to access the lists of a subsite without having to add the site collection read permissions?
I believe that you misunderstood the concept of AllowAppOnlyPolicy. The AppOnlyPolicy actually enables you to override the users permissions and let SharePoint only check the permissions granted to the AddIn (see here), so actually what you wanted. You need to change to:
Why in the first step you can create the subsite, for me only has one possible explanation: That your service account or the users account has the required permissions to do that on that web. (https://sharepoint.stackexchange.com/questions/21193/creating-sub-sites).