diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiPermissionDelegate.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiPermissionDelegate.java
index 3b290a31b..534f60307 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiPermissionDelegate.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiPermissionDelegate.java
@@ -57,9 +57,6 @@ public Collection getPersistentEntities(Authentication ignored, ShibUiPermissibl
         case dynamicRegistrationInfo:
             switch (permissionType) {
             case approve:
-                if (!hasPermission(ignored, null, PermissionType.approve)) {
-                    throw new ForbiddenException("User has no access rights to get a list of : " + shibUiType);
-                }
                 return getAllDynamicRegistrationInfoObjectsNeedingApprovalBasedOnUserAccess();
             case enable:
                 if (!hasPermission(ignored, null, PermissionType.enable)) {
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPADynamicRegistrationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPADynamicRegistrationServiceImpl.java
index 1e613b930..d89c28d6b 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPADynamicRegistrationServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPADynamicRegistrationServiceImpl.java
@@ -7,6 +7,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException;
 import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound;
 import edu.internet2.tier.shibboleth.admin.ui.exception.UnsupportedShibUiOperationException;
+import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorProjection;
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Approvers;
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Group;
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Owner;
diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties
index 711f022ef..bdfec4cc5 100644
--- a/backend/src/main/resources/i18n/messages.properties
+++ b/backend/src/main/resources/i18n/messages.properties
@@ -983,7 +983,7 @@ tooltip.dynamic-registration-name=Name used to identify the registration on the
 label.dynamic-registration-redirectUris=Redirect Uris
 tooltip.dynamic-registration-redirectUris=Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request.
 label.dynamic-registration-responseTypes=Response Types
-tooltip.dynamic-registration-responseTypes=JSON array containing a list of the OAuth 2.0 response_type values that the Client is declaring that it will restrict itself to using.
+tooltip.dynamic-registration-responseTypes=JSON array containing a list of the OAuth 2.0 response_type values that the Client is declaring that it will restrict itself to using. If not present, Shibboleth will use a default of "code"
 label.dynamic-registration-grantTypes=Grant Types
 tooltip.dynamic-registration-grantTypes=JSON array containing a list of the OAuth 2.0 Grant Types that the Client is declaring that it will restrict itself to using.
 label.dynamic-registration-applicationType=Application Type