Set file permission to limit editing - google-apps-script

I am working on a application that involves multiple users. The application is based on a spreadsheet. After the user inputs information in the spreadsheet they click a button and a Google Doc template is copied and opened in a custom dialog and the user (author) writes a journal of their conclusions. The author can come back to their doc file through the spreadsheet to add addition comments.
Now another user goes into the spreadsheet and want to see the other authors comments, but they shouldn't be able to edit just view. The author is known and an admin is known but the other users may not be known at the time the file is created. And the number of users that could view may increase as time goes on.
1) What it the best way to set edit and view premission?
2) What permission can give the admin the ability to delete the authors files?
I have also posted these questions on the Google App Script Community.

Related

Multiple owners of a Google Sheet

I have a google sheet and I am the owner of it. My colleague often wants ownership access of it, so we have to toggle the ownership between us by changing the Status every time. Is there a way I can have multiple owners for a Google Sheet? If it means using the App Script code, I am open to it too (I tried to find a code but haven't seen it yet).
Hoping to get help from folks here. Thank you in advance.
The answer is no. A google spreadsheet can have only one owner.
There are 4 different levels of permissions to allow for flexibility and control over security and access around users:
Ownership
Edit
Comment
View
If we assume that the owner does not have special protected ranges or sheets, which can only be edited by him/her, an editor can have the same privileges when it comes to editing/modifying the content as well as being able to share the file with other users. A spreadsheet file can have multiple users that belong to categories 2,3 and 4, but only owner (category 1).
There cannot be more than one Owner at a time. Transferring ownership in Google drive will lead the documents to be organized in a single folder, titled with the previous Owner’s email address. The original Owner will still have only the editing privileges.

Google Sheet - limit certain users from organization from editing/viewing?

I have the following issue.
I have a Google Sheet that is shared with everyone within my organization(300 people) and they have to have edit rights.
But, certain users from that organization should not be able to edit or even access the file, even tho it's okay if they can just view it.
I'm currently battling this by using a script that checks the users mail(Session.getEffectiveUser().getEmail()) and if they match the address in the array that contains all the addresses it fires an alert modal telling the user they are not eligible.
However, this works but if the users simply closes the alert he/she can continue editing the sheet. Which is not desirable. :)
I've searched but i failed to find a working solution or at least the idea to prevent those few users from the organization to edit this Sheet.
Appreciate any input, thanks!

Access - Scripts Bound to Google Sheets

From the documentation of the the bound script:
https://developers.google.com/apps-script/guides/bound
"Only users who have permission to edit a spreadsheet, document, or form can run its bound script. Collaborators who have only view access cannot open the script editor, although if they make a copy of the parent file, they become the owner of the copy and will be able to see and run a copy of the script."
This feature is kinda limited. I have created a big sheet that are used by multiple users. I need the script to be executable by Read Only access users. The script that I created are not making changes to the document, so it should not affect by the access level of the users.
Administrator have Edit access to the document. They have access to all calculation/ configuration cells/ sheet.
Managers have Edit access to the document. Managers have Edit access to most of the cells/ sheet. Managers task is to update the cells
All remaining users only have Read Only access to the document. They can view cells and the automated calculation.
Because the cells have too many columns, I have created a button (eventually I want to move it to onOpen) for easy navigation to a specific cell. This is done dynamically based on today's date.
This is working fine as expected for Administrator and Manager (have Edit access), however not available for the rest of the users with Read Only access.
Is there any workaround for this?
Thanks
Unfortunately not. You are the edge case. The whole point of GAS is to make editing easier, providing tools. A Google document/Spreadsheet/etc. normally isn't THAT hard to maneuver through.
However, if your REALLY want viewers to see specific parts of your spreadsheet, but not edit it, you could try making a standalone script. Have it pull data from the spreadsheet using the spreadsheet's id and then project it on the HTML page, in a table or list.
I Agree with EvSunWood, though I would go about the task in a slightly different way. You could give read only access to the main sheet to the user. And then give them full access to a separate sheet with code attached which onOpen updates itself from the original with all of the latest data and then navigates to the appropriate row.
I agree too with this answer, it's not possible to allow view only users to execute scripts, but contrary to using an script to overwrite edited data, I suggest you use sheets/range protection this way we reduce risks like a failure on the script by on open trigger due to "change collisions" caused by several users opening the same file at almost the same time.

Google Spreadsheet - Show sheets depending on type of user

Is there a way, to make a certain sheet in Google Spreadsheets, be editable and accessible to a certain type of user, while not be accessible to another type of user?
I currently have a Google App Script project, that allows a certain user to use an HTML form to input certain parameters, and a Google Spreadsheet is automatically created for him (thus, everything in the spreadsheet is created programatically).
This new spreadsheet should have access by different "types" of users.
A "type" of user just means a specific person that has specific authority over the spreadsheet.
For example:
There are users who would be able to edit anything in the spreadsheet. There are other users who can only read it (but not edit it). There are users who would be able to access custom Menus (that allow them specific actions related to the spreadsheet), while other users should not.
For now, I solved the above problem by having 2 types of users:
1)A user that is given "Can Edit" access to the spreadsheet by the creator. This user can edit any sheet in the spreadsheet, and access every custom menu (since those are created in the "onOpen()" trigger, which executes only when the user has "can edit" authority)
2)A user that is just given a "Can View" public link to the spreadsheet. This user can only read each sheet of the spreadsheet, but not edit any. He also has no access to any custom menus.
This worked for a while, but now I have new requirements that should allow the 1st type of user, to have access to specific sheets, while the 2nd type of user should not even have read access to them.
Is there a way, using either Google App Script, or other functionality from Google Spreadsheets, to make this happen?
I know sheets can be made visible or invisible, but doesn't that affect every user, even those I want to be able to view and edit them?
If it's possible, I also want to know if it can be done programatically using Google App Script.
Is there also a way to have more functionality restricted to different types of users? What if I want a specific user to be able to edit a certain sheet, but not be able to access specific custom menus?
If it is not possible to do so, the only solution I can think of is to create separate spreadsheets for each of these "restricted features", and give "Can Edit" access in that spreadsheet to each type of user I want to have access to those features.
However, ideally everything should be done in a single spreadsheet, since I want all the information contained in a single access point, and not scattered in different spreadsheets with (maybe) little relation between each other.
Thanks
now I have new requirements that should allow the 1st type of user, to have access to specific sheets
Editors already have access to all sheets.
the 2nd type of user should not even have read access to them.
Well, that would trigger the need for either using a 2nd spreadsheet that imports the data / sheets that you only want the "Can View" users to see or you could go with creating a web app that only displays that data if you just want to stick with 1 spreadsheet (but still 2 urls).
I know sheets can be made visible or invisible, but doesn't that affect every user, even those I want to be able to view and edit them?
This is fairly easy to test manually. Have an editor hide a sheet while a viewer has it open in another window. The sheet will be hidden on both.
I also want to know if it can be done programatically using Google App Script.
yes - SpreadsheetApp.getActiveSpreadsheet().getSheetByName(name).hideSheet()
Is there also a way to have more functionality restricted to different types of users?
If you have the users and their permissions stored some where, then you can control what functions run based on their email.
function myfunction() {
var validUsers = ['ex1#ex.com', 'ex2#ex.com'];
if (validUsers.indexof(Session.getEffectiveUser().getEmail()) >= 0) {
// continue
}
}
What if I want a specific user to be able to edit a certain sheet, but not be able to access specific custom menus?
Use the same technique as above to filter out who should be able to see menus in onOpen().

web app : sharing settings

I have an apps script, a web app (within google site, share option: "Who has access to the app:anyone within mydomain" when publishing it) who make a forms using code as :
var app = UiApp.createApplication();
var panel = app.createVerticalPanel();
.....
When user press submit button the data are saved in a spreadsheet.
I have to give full access to an user group on this spreadsheet in order to make the forms works.
the problem, is that i don't want user1 (belonging to the user group) see what user2(belonging to the user group) has save in this spreadsheet.
At the moment, i share the spreadsheet without notifications but users are style able to access the spreadsheet using "shared with me" button on the drive.
Question:
Is that possible to hide share (like $ share on windows)?
Is that possible to let the script special grant option to read/write the spreadsheet without sharing it with the user group on run time.
or how the actual google forms (the one provide by google drive, not mine) handle this problem ?
Google API is not activate in my domain, i have a google education license and i am the admin of this domain.
hope it's clear enough.^^
thanks for hwelp
If you use Google Forms, you do not need to share your spreadsheet at all. You can distribute the URL for the live form, and from there users can only enter form data. Forms are static, though - you can edit the questions easily, and create logical flows between pages of questions based on previous answers, but you cannot dynamically include data. You're also very limited in your options for layout. But aside from that, the ease of use and information security make them a good option.
With Legacy Forms, collected data is stored in a spreadsheet. Since the introduction of the new Forms, you need to first create your spreadsheet, then select Forms - Create Legacy Form to start. The "Summary of Responses" report reflects what is in the form table in the spreadsheet. Any changes you make to the sheet affect this, for example row deletion, addition, or information edits.
With the new Forms, introduced in February 2013, the collected data is attached to the Form, not a Spreadsheet. You can choose to have it copied to a spreadsheet, but since that is a copy, any edits you make to it will not be reflected in the "Summary of Responses". You can create a new Form from the "Create" dialog in Drive, or from within a spreadsheet.
Your spreadsheet must be shared as 'anyone with the link can EDIT', as long as you don't publish this link no one will be able to find it and it will not appear in their 'shared with me' category.
Your webapp however will allow each user to fill the spreadsheet with their date by using the form.
see this other post that shows a practical example.