I have a spreadsheet extended with GAS. Is it risky to share the spreadsheet with others with the secret key embedded?
Nothing has been done so far to address these.
No response is received because the expanded spreadsheet is not given to anyone.
If I grant editing privileges to that created spreadsheet from now on and give it to someone else, is there any risk?
Related
I have a google sheet and I am the owner of it. My colleague often wants ownership access of it, so we have to toggle the ownership between us by changing the Status every time. Is there a way I can have multiple owners for a Google Sheet? If it means using the App Script code, I am open to it too (I tried to find a code but haven't seen it yet).
Hoping to get help from folks here. Thank you in advance.
The answer is no. A google spreadsheet can have only one owner.
There are 4 different levels of permissions to allow for flexibility and control over security and access around users:
Ownership
Edit
Comment
View
If we assume that the owner does not have special protected ranges or sheets, which can only be edited by him/her, an editor can have the same privileges when it comes to editing/modifying the content as well as being able to share the file with other users. A spreadsheet file can have multiple users that belong to categories 2,3 and 4, but only owner (category 1).
There cannot be more than one Owner at a time. Transferring ownership in Google drive will lead the documents to be organized in a single folder, titled with the previous Owner’s email address. The original Owner will still have only the editing privileges.
I've written a tiny script/ macro in google sheets when an image is clicked, some boxes in cells get unticked, when I first used clicked it myself, I had to give permission for myself.
My question is, the other user that I share these sheets with, will they now have permission automatic permission?
I ask because they are not computer literate and won't be able to grant themselves permission.
Apps Script scans the code automatically and determines which are the authorization scopes. In this case, all users you share the spreadsheet with will have to grant explicit permission for the script to modify the file on their behalf. This cannot be avoided.
Check this out for more information: https://developers.google.com/apps-script/guides/services/authorization
I've a public Google Sheet (everyone can access it and edit it). In it, I use a script, a function, that download a csv with the UrlFetchApp.fetch(url);.
When an anonymous user access it (without the google login), the user can view, and edit the sheet, but, the user cannot run the script. The user must be logged with a google account to the script do the working.
The stranger thing is that this sheet with this script was working for anonymous users early. This problem didn't occur before a couple weeks ago.
Do you know if the google change something about security or is it an error that I am doing?
In order to run apps script on a particular user's behalf, Google Workspace requires that user's permission, via an OAuth flow.
If a user is anonymous therefore, you can see why this permission cannot be granted, which is why the script won't work for those users.
I guess it is an intended behavior as long as the anonymous user access the sheet via shareable link. As stated in this support page, you might see a name you don’t recognize or "anonymous animals" viewing your document, spreadsheet, or presentation. This can happen when a document is shared publicly or with anyone who has the link.
Limit how people can view your file
If you want to stop sharing a file you can edit, you can learn how to:
Turn off link sharing for a file.
Prevent others from sharing files you own.
Hope this helps.
I have written a google apps script that captures information from my employees, and writes this in a spreadsheet which only I can access.It also mails the employee, what information they have filled.The script is embedded in my google site.
The problem is,I have to run the script as the owner to be able to edit the spreadsheet and to send the email the script has to be run as the 'user running the script'.
Probable solution is the above problem is to set the script's trigger onChnage i.e. on Change of the spreadsheet on any record / any row the Email relevant that email address on that row mail will be send.
Hope this helps
Given your scenario, you want your script to run in both modes - 'User executing the app' and as yourself which is clearly not possible. However, there are some workarounds you can use.
Set the script to run as the user accessing the app and change the permission of your spreadsheet to provide access to 'Anyone with the link'. That way, no other employee can access or discover the spreadsheet other than if they somehow know the spreadsheet id.
The other option is to set the scrip to run as yourself, keep the spreadsheet private and exploit the replyTo and name options of advanced arguments ( https://developers.google.com/apps-script/class_mailapp#sendEmail ). To the recipient, the email will 'appear' to have come from someone else.
Note, using option 2, you'll run into Issue 2004
I have an app that uses OAuth2 to requests access to someone else's Google Docs. One of the things I want to be able to do with those access privs is to add a trigger on one of the user's Spreadsheets.
The question... is it possible to add a trigger to a spreadsheet that's owned by a different user ID, using a valid OAuth access token for that user?
The only way I can currently see of doing this is through Google Apps Script, but I can't see how to add a trigger on someone else's Spreadsheet, even with a valid access token. Am I right, or is there a way? Is there some other way (other than with Google Apps Script)?
Thanks,
Tom.
To add a trigger to another user's sheet for which you have edit access, use the following line with the relevant spreadsheet ID.
ScriptApp.newTrigger("myFunction").forSpreadsheet("id of my spreadsheet").onEdit().create();