Avoid Open ScriptEditor of Google Spreasheet - google-apps-script

In my google spreadsheet, my scripts and custom function already work. However, I want to prevent other users from accessing the script editor, but they should be able to access/run the custom menus.
Is this possible, if so could you point me in the right direction?

If the user has Edit access to the document they have access to the script. If you need to remove access to the script you will need to publish it as an add-on. This is a pretty simple process especially if you are publishing it for your own work domain.
https://developers.google.com/apps-script/add-ons/

Related

How can I "publish" an editor add-on to be used by just me?

I'm involved in a standards development group where the meeting invitations are sent out, not as calendar invites, but as Word docs. I've written a script that allows me to take the Word doc uploaded to Google Drive, and run the script to create an entry on a Google calendar that I maintain.
At the moment, the script is unpublished, and to run it on the docs I use the "Test as Add-On" function from the script editor. That's a bit cumbersome because I have to go through the selection dialog to select the doc I want to run it on. Additionally, in the new scripts editor, it won't be possible to delete old tests and so my test dialog will end up getting filled up with every run of the script I've ever carried out.
It would be much better if I could have the script available to me, and me only, from the Extensions->Add-Ons menu when I open a doc. The script is not suitable for general publication: it works only on docs with the exact format of these meeting notices, so it should only be run by someone who knows what they're doing, and it accesses a calendar that I own, so I don't want to make it public. But I would like to be able to put it into some kind of "deployed" state so that, as I say, when I open any doc when I'm logged in as me, the script is just available directly from the Add-Ons menu.
Is there any way to achieve this? Or is there an alternative approach possible to this general problem, of having a script that you want to run on multiple documents that you own without having to formally publish it?
One option to "test as add-on" without publishing the script as an editor add-on, is to use installable triggers instead of simple triggers. This triggers should be created by using code in order to avoid having to add any code to each spreadsheet.
If you are determined to take the publishing path you can set your add-on listing to be "unlisted", this means that the add-on will not appear on the Google Workspace Marketplace, people will need to know the installation URL to be able to install the add-on.
Other options:
If you have a Google Workspace account you could publish the add-on privately for your domain. If you don't have this account type or if this is "not good enough", you might make your Google Apps Script add-on publicly installable but limit its core features to be used only by you by making use of a dynamic custom menu. For details please checkout Editor add-on authorization
The dynamic custom menu might based on a setting depending on the user email address. To make this work, as the Session.getActiveUser() requires authorization to run, it can't be executed by simple triggers, but you might implement a workflow to save it or a flag, i.e. add an option to the custom menu to initialize the editor add-on.
Another option is to make the dynamic custom menu based on the spreadsheet structure and/or content.
References
Installable Triggers
Enable and configure the Google Workspace Marketplace SDK
Related
Google Apps Script: Dynamically creating spreadsheet menu items
Publish an add-on privately

How to share functions between an add on and a Sheets bound script

I have a couple of script files that are currently being used inside a Sheet bound script via libraries. However, when a user that does not have access to the independent script files tries to open the spreadsheet and utilize it, he is not able to. For this reason, I am trying to deploy the code as an add on, instead of as a library.
Is it possible to get access to the functions inside the independent scripts via the add-on, just as I would do with a library? Would this solve the permissions issue? Is there a better alternative?
Thank you for your time!

Publish as a private add-on to avoid granting permission on copies of gsheets

I have a similar question to both of the questions below. I have a script bound to a google sheets, and I use this sheet as template. However I'm looking for an option to not have to grant permission each time I copy the file.
From reading the answers in the questions below, I understand I have to publish a standalone script as an add-on.
However, reading this answer, I see that I need to create a Cloud Platform Dashboard and all bunch of stuff which looks pretty messy to me, such as google reviewing process. Again, it is only for personal use...
Is there a way I can privately publish it as an add-on, without having to go through all the process?
Thank you
What is the best way to create Container-bound Scripts that can be cloned?
Grant permissions on open for first time for a bound script in Google Sheets
If you don't want spreadsheet hook triggers like onEdit or button or anything else, You can use a standalone script.
A standalone script can be written, which loops through your spreadsheets doing what's needed based on a time trigger.
Adding to the already existing answer
Publishing a private add-on does not require going through the Google Review process, especially since it is for personal use only.
Therefore, the situations below do not require verification:
If you want to deploy the add-on solely for internal use which means that the add on will be used only by people in your Google Workspace or Cloud Identity organization.
If you want to use the add-on domain wide which means that the add on will be used only by Google Workspace enterprise users within the domain.
For the whole list of exceptions from the verification process, you can check this here.
Reference
OAuth API verification FAQs.

Are Google scripts attached to a readonly spreadsheet visible to the user?

I'm working in a Google Script that runs on a a Google Spreadsheet and creates an onEdit() trigger on it.
I would like to know if this script is somehow visible (through Google's interface or any kind of source code inspection) to the users that access the table with readonly permissions.
From my understanding users would not be able to access such a script, since they are suppose to run on Google's server side and not on the client browser. I couldn't find anything about that on App Scripts documentation.
Regarding the use of a web browser developers tools (like right click and selecting Inspect) over a spreadsheet they will not the script code if you do right clic over an spreadsheet but it might show the name of functions called by a custom menu or image with an assigned function, not the code of the onEdit function.
User with view access can't view the code but, if you didn't disable disabled make a copy, they see the code if they made a copy of the spreadsheet.
An alternative to limit users to make a copy of the spreadsheet is to publish your script as an add-on.
Related
How to protect the Apps Script code in a Google spreadsheet?

Google docs scripts asks for permission everytime

So my question i have a google docs template which has a script with certain autofill criteria. After you click on use this template fine you get a file and when you run the script everytime is asks for permission to access the certain things google needs to identify you, it basically acts like its a new app everytime you create a new file from the template.
Is their a way of setting it won't ask for permission everytime?
If you have a document bound script in your document, and if you will make a copy of that document and run the script, google app script will ask permission every time. Copying the document with script acts as if you have created a new script file and now script will ask permission on its first run.
Possible solution
You can publish your script as google document add-on. If you don't want to expose it publicly, you can also publish the add-on privately which only you or someone you will share with, can use.
check out the documentations
https://developers.google.com/apps-script/add-ons/publish#development_checklist
https://developers.google.com/apps-script/add-ons/domain-wide#publishing_for_domain-wide_installation
Publishing the add-on will bind your add-on to every document for google apps.