Full disk access for MACOS app distributed out side Mac App store

You don’t have permission to save the file “ESPlus” in the folder "Applications.”

Right. A sandboxed app starts with a default static sandbox where the /Applications directory is readable but not writeable. For more on this, and macOS’s file system permissions in general, see On File System Permissions.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks for your quick ans but then what is the way to update notarized app distributed to outside the MAC Appstore in .zip format?

what is the way to update notarized app distributed to outside the MAC App Store in .zip format?

If you distribute an app directly, rather than on the Mac App Store, you take on responsibility for updating it. Some folks build their own update mechanism — the obvious player here being Sparkle — while other just ship a new version and expect the user to do the update.

In terms of sandboxing, directly distributed apps don’t have to be sandboxed and thus can get around this restriction. If you want your main app to be sandboxed then it’s common to ship a non-sandboxed helper program to do the upgrade. This is especially important if you want non-admin users to be able to upgrade, because /Applications is only writable by admin users, and thus you have to escalate BSD privileges.

Some background reading here:

• On File System Permissions

• BSD Privilege Escalation on macOS

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"