Allow other users within domain to use google apps scripts - google-apps-script

I have written some code within my Master spreadsheet, and then added the script ID to the library on other spreadsheets owned by me. I am able to run the scripts on those other spreadsheets. However, when I share Edit level access to other users and the scripts don't run when they log in. I have to share each spreadsheet on an individual basis, as they contain confidential information (e.g., payroll info).
Here is the process I used.
Get the script ID from the Master spreadsheet.
On each individual's payroll spreadsheet I added the script ID as an included Library. There is a toggle for Development Mode, set to ON (although, I'm not clear on what that is).
Add references to call code from Master.
Again, everything works as expected when I'm logged in, but not when the users are. First of all, the onOpen trigger doesn't work (it should make a menu and then jump to the current month's sheet.) If that user opens Script Editor and attempts to run the script, it says something like, "User doesn't have access to library Master or it has been deleted."
Hopefully I'm just such a noob that there is an obvious oversight. If you notice it, please let me know how to correct this!
Thank you in advance,
Neill

Related

Best way to share inside my domain a script embedded in a spreadsheet

I have a spreadsheet, with 2 scripts embedded, that monthly is sent to some accounts (teachers) inside my domain. One script reads a form (exam) and write the results in the spreadsheet, the second script transfer the final evaluation (the teacher must add other info to the exam scores) to another public spreadsheet where the people can see the results.
Everything works fine, except that the first run of one of the scripts, asks for Authorization. I'd like to avoid that and I read many articles about Authorize scripts, but I couldn't find the solution.
I don't need to Publish an App, that is far away from my needs and my abilities.
I explored Add-on feature, but in some forums I read that there are limits for the Add-on capabilities and possibly it doesn't work between forms and spreadsheets.
So, is there any option to distribute a script inside my domain and the people are not required to Authorize it?
You can add an installable onEdit trigger from your account, trigger script function if specific cell is updated by the rest of the user.

Start a script from Custom Menu, ask user questions, create new sheet without needing permissions?

I have a shared Google Sheet which is an Installation Schedule for a small company. Each sheet is a week. I've created script actions that do things like look for data changes, and if appropriate, hide and unhide rows. This works for everyone that the spreadsheet is shared with, with no prompting for permission.
The function to create a new weeks is executing by clicking on a entry in a Custom Menu. It then prompts the user for the date of the first week and the number of weeks to create. After some user entry error checking, it copies a hidden template sheet to a sheet named after the week's date range, updates a date entry cell, copies sheet protections and then unhides the newly copied sheet. This works for me as the sheet owner, however, it is creating authentication dialogs for any other user to which the sheet has been shared.
I could get around this by deploying this as a test app in the Google Cloud Platform interfaces, but then I would have to specifically share it with the users, which a) are not part of a Google Workspace and b) are likely to change, therefore requiring on-going maintenance.
Given that the script is modifying "my" sheets file, I don't understand why permission would be needed and am hopeful there is a way around this.
I have searched for and tried many possibilities, but none seem to solve the problem.
Anyone have any expertise? I am a competent coder, but relatively new to Google Apps, so please be as detailed as possible.
Functions called from Google Workspace editor custom menus executes under the active user. If the function use any method that requires authorization to run it will show the OAuth consent screen for your script.
Unfortunately there is no way to avoid this. Even making calls to APIs through UrlFechApp by passing the appropriate credentials, in this case to call the Google Sheets API, it will be required authorization of the active user for https://www.googleapis.com/auth/script.external_request.
The option to use the custom menu to open a dialog or sidebar to run client side code will also require the user to authorize the script.
Considering the above iF you really want to avoid to ask the user to authorize anything, forget about using custom menus. You might consider to use installable triggers, i.e. use edit / change installable triggers to call functions when edit is made like clicking a checkbox or selective a value from a data validation dropdown.
Related
https://developers.google.com/apps-script/guides/sheets

Access - Scripts Bound to Google Sheets

From the documentation of the the bound script:
https://developers.google.com/apps-script/guides/bound
"Only users who have permission to edit a spreadsheet, document, or form can run its bound script. Collaborators who have only view access cannot open the script editor, although if they make a copy of the parent file, they become the owner of the copy and will be able to see and run a copy of the script."
This feature is kinda limited. I have created a big sheet that are used by multiple users. I need the script to be executable by Read Only access users. The script that I created are not making changes to the document, so it should not affect by the access level of the users.
Administrator have Edit access to the document. They have access to all calculation/ configuration cells/ sheet.
Managers have Edit access to the document. Managers have Edit access to most of the cells/ sheet. Managers task is to update the cells
All remaining users only have Read Only access to the document. They can view cells and the automated calculation.
Because the cells have too many columns, I have created a button (eventually I want to move it to onOpen) for easy navigation to a specific cell. This is done dynamically based on today's date.
This is working fine as expected for Administrator and Manager (have Edit access), however not available for the rest of the users with Read Only access.
Is there any workaround for this?
Thanks
Unfortunately not. You are the edge case. The whole point of GAS is to make editing easier, providing tools. A Google document/Spreadsheet/etc. normally isn't THAT hard to maneuver through.
However, if your REALLY want viewers to see specific parts of your spreadsheet, but not edit it, you could try making a standalone script. Have it pull data from the spreadsheet using the spreadsheet's id and then project it on the HTML page, in a table or list.
I Agree with EvSunWood, though I would go about the task in a slightly different way. You could give read only access to the main sheet to the user. And then give them full access to a separate sheet with code attached which onOpen updates itself from the original with all of the latest data and then navigates to the appropriate row.
I agree too with this answer, it's not possible to allow view only users to execute scripts, but contrary to using an script to overwrite edited data, I suggest you use sheets/range protection this way we reduce risks like a failure on the script by on open trigger due to "change collisions" caused by several users opening the same file at almost the same time.

Sharing a Google Spreadsheet containing a script with a workgroup so they can use it, but not modify it

I have written a Google Spreadsheet script which reads data from a user provided CSV file, populates a sheet with the data, makes a copy of the spreadsheet with a different name, and provides a link for the user to click to see the new spreadsheet. After making the new copy, the original spreadsheet is then cleared of user data and restored to its original state so other users can use it.
I want to share this spreadsheet with the workgroup (several hundred users), but I don't want them to be able to modify either the sheet or the script. If I share it read-only the script won't run, but to get the script to run I have to allow users edit capability and that is a bad thing.
I have googled myself silly trying to find a direction in which to go, but I am still wandering in the wilderness.
Can any of you point me in the right direction? If I need to be more specific or provide more information I will be glad to do so.
Thanks,
Larry
P.S. Other questions of note:
o Is it possible for a app-script in a spreadsheet to make the new copy active and 'close' the original shared spreadsheet?
o Can the user be made the owner of the new copy?
There is the option to put the code that you don't want modified, into a Stand Alone Apps Script file, then use that code as a "Library" in your script bound to the sheet. You can set the permissions on the Stand Alone Apps Script to VIEW only. That will keep people from changing it. When you share the Apps Script file with the users, they will get an email notification. So, they'll have the URL to the file, and can view it, but they can't edit it. (If you set it to VIEW only)
So, you'll be using both your spreadsheet file, and a Apps Script file. Two files, and setting the sharing to VIEW only on the Apps Script file. You can still give people EDIT access to the spreadsheet.
You'll need to go through a process of making the function available to your spreadsheet. This is called a "Library", but don't pay much attention to that name when creating the file.
Create a Stand Alone Apps Script
Create the function you want to share.
Get the Project Key --> FILE, PROJECT PROPERTIES
Share the Apps Script file with users you want to give access to, but only give them VIEW access to the file. NOT Edit.
Give the Project Key to the user, (In this case that's just you.) and have them add the library, or if you have access to the spreadsheet, you can probably add the key yourself. So, in your case, you will not be sharing the Project Key with anyone. You don't need to.
In the script file that is bound to the spreadsheet, click the RESOURCES menu, and the LIBRARIES menu item.
Enter the Project Key
Click SELECT button, and turn the library ON.
Make sure to set the library Identifier to a key word you'd like to use.
Go to the code editor, create a function, and type the Library Identifier.
All the functions that are available from the Library will show up
Google Documentation - Gaining Access to a Library
Keep in mind, that creating a library is nothing more than writing code in an Apps Script in a stand alone Apps Script file. If you've done that, then all you need to share is the Project Key. The user of the Library won't see a list of all the available Libraries when Resources, Libraries is opened. You need the Key.

Make spreadsheet only editable through script

I have a script which adds new rows and changes the sheet in some ways.
I'd like to lock this sheet so it cannot be edited manually, but allow the script to be run.
Is there a way to do this?
Yes, it's not the most easier thing to do, but it's possible.
But before we start it's important to understand how Google spreadsheet/sheet protection works.
There's no way to protect a sheet or range from the file owner. So, if you also want to protect a file from yourself (assuming you're the owner). Then the only solution available now (I do hope they change this in the future) is to change the ownership of the file to another account. What most people do is use another Google account that they don't use actively (you can create a bogus easily if you don't already have one).
Then, after you have transferred the file to another account, you can easily lock changes to ranges, sheets or the whole spreadsheet using the regular GUI.
Ok, now to the script. When a script runs, it's always using the authorization of a specific account, and it can do everything that this account can. For example, when someone runs a script directly from the script editor, or clicking on a custom menu or image: it runs under the account of who's clicking. But if you set a installable trigger, then the script always runs under the account of who setup the trigger in the first place (not who's performing the action that actually triggers it). Simple event triggers run as who's triggering the action (you can think anonymously), but they can't do much, it's a security feature (read the link for a better understanding).
Lastly, when one is publishing a script as a web-app, then there's a selection box to choose if the script runs as the developer or the user. Very simple.
Back to the problem. Since we have locked out everybody from the desired sheet/range. For a script to make changes to this locked area, it must run as the file owner!
If the changes you do are automatic, e.g. via a installable trigger, then you're good. Just setup the trigger using the file owner account and that's it. Also, if your users are accessing the script "externally", that is, via a web-app. Then that's easy to, just setup the web-app to run as the developer (the file owner).
The most complicated scenario is if you need to run the script from a custom menu, which will then run under the privileges of who's clicking on it, which themselves can not make changes to the protected area. The solution to this is to deploy the script as web-app running as the developer, and have the function running from the button click to call the deployed url using UrlFetch, possibly passing some parameters to designate what needs to be done. Then, since the webapp runs as the developer (which is the file owner), it can make any changes required, and return (if there's something to return) any value (usually a JSON) to the calling function (which is running as the user and is associated with his session), so you can show him a message on a popup or toaster, etc.
It's kind of tricky but works great, and you can do all that on the same script contained in the spreadsheet. But if you're concerned that your users may access the script editor and change the code (which is possible), than you should separate the web-app part on a different file, that you don't need to share with them.
Yes but only for others not for the script owner. Just use 2 accounts one as the owner and the other one as the reader.