I was wondering if it is possible to show/hide links on the sidebar navigation of a Google Site based on what the email / permissions the end user has. Has anyone ever done anything like this? I don't see any options under "edit site layout", perhaps it can be done with Google Apps Script? If anyone has any resources / links to similar problems and solutions, that would be appreciated. I can't seem to find anything on the subject myself.
Users will only see pages they have access to, so you can set individual page permissions and this will hide the page from some users. I use Google Groups to define the permissions and add users to the appropriate groups. If a user is in a group which has permissions to view, they have permissions to view. If they are in a group which has edit permissions, they have edit permissions. They will get the highest permissions associated with all the groups they are a member for which is applied to that page.
Related
I've seen other questions who shared this same issue here and here, but the solutions are not working for us. Our users are confused with the checkboxes since they haven't seen them on other apps before and it's making them more paranoid about the access they give.
Our app requires contacts and calendar read-only access to function, and i've tried many tricks mentioned by others but none of them worked:
We added email, profile, openid in Cloud Console scopes, the checkboxes still appear
We split login from authorization access, the checkboxes still appear.
Are we missing anything?
It seems if we only ask for 1 permission, it might solve the problem, but it's too inconvenient to ask the user to open 3 popups to authorize access.
Feedback to Google Team:.
Granular permissions are definitely in the right direction for user privacy,
but:
Process penalizes apps with granular permissions (e.g. if i ask for all calendars.readonly, and events.readonly, those force to show 2
checkboxes, whereas if i ask for only 1 super permission like
Calendly's "edit/manage/delete all calendars and events", it doesn't
show a checkbox.
Introduces a lot of inconvenience and unnecessary fear for the user.
Not all apps have the same granular permissions, and it's rewarding old apps (like Calendly) who are not yet impacted by granular
permissions, whereas new apps are inherently disadvantaged.
Ideas:
Allow app developers to select which permissions are optional vs required
Add an explanation field that shows the utility next to each permission requested to the end-user, and this could be added to the app review
process for sensitive scopes.
Make authorizing new permissions super fluid 1-2 clicks away, instead of opening a popup. Think how mobile apps ask for contacts
permission, it's granular, contextual and only 1 click away.
The workarounds that you mentioned may work but it seems that Google has announced this change on this behavior since 2018. Looks like the behavior happens when the app is requesting access from different services as noted in this Project Strobe blog.
There will be no direct way to remove the granular scopes if your app would be requesting permissions from different services as this will force the granular permissions to show up.
I'm currently creating a Google Site for staff where I work. We would like each staff member to have their own page that only they can view with details such as rota's, shift itinerary etc. We would not like other members of staff be able to view this. The current idea I have for implementing this is to run a script that generates a page for each user with the custom permissions set so only editors and themselves can view it. However, although I am aware you can set site wide permissions through Google Scripts, I can not find a way to set page wide custom permissions programmatically.
Is anyone aware of a way I can do this or if there is an alternative way to achieve the same goal?
Many thanks
Check out the following link:
https://code.google.com/a/google.com/p/apps-api-issues/issues/detail?id=2934
And also check out the following link (check comment #15):
https://code.google.com/p/google-apps-script-issues/issues/detail?id=1021
(comment #15): A work around you can use is to add a group with the permissions you require and then from Apps Script you can programmatically add/remove people from the group.
If you want Google engineers to develop this functionality then vote for this issue on the above link.
Please suppose a situation. Organisation has a shared folder, with many people having access to sub folders some should not be able to edit/delete documents, but they should still be able to view and add documents to a folder.
Subsequently they should be able to share their own document with anyone (from the main folder "share list") but should not be able to share a document they were asked to join.
In Google Drive, Sharing settings offer 3 options depending on the user to restrict access. Each document CREATED in a shared folder inherits the share preferences of the parent folder. However, each document's access settings can still be managed individually and changed accordingly as well. Following are the 3 options and the access they provide to users:
Can Edit - With this option the user has access to edit, delete and share the doc
Can Comment - With this option the user in neither able to edit, nor delete or share the doc. However, they can view and insert comments to the doc.
Can View - Users can see the file but they can't comment on it or edit it.
In both, Option 2 & 3, Users are not able to share the doc but they are able to request for access in case they want the doc to be shared with someone. This request will go to the owner of the document. For more info, please take a look at this link.
Users with access to the parent folder might be able to see the document in the list, but if they haven't been given access to the document, they will not be able to open it. However, they might be able to request access to that document. Such access requests are forwarded to and handled by the owner of the document.
This link might help shed more light on the matter as well.
Using SitesApp.AddEditor() you can add users to a specific Google Site.
But how can you add the entire domain?
The Google Sites API allows this, just cannot figure out if that method was implemented in Apps Script.
It would appear not, just want to confirm.
Thanks
Just create a group that contains all users in the domain, then add that group as an editor.
Google Apps Script Sites service does not (yet) have a method to set/change the visibility of sites. However, there are possible work-arounds for this:
By default, all users in a domain can find and edit newly created sites. You do not have to add individual users as editors in this case. Google Apps administrator for your domain may have changed the default visibility setting to private, though. In this case you/site owner will have to change this setting on per-site basis by adding users as viewers/editors to the site (read on below). Check with your Google Apps administrator about default visibility setting for sites under your domain. See this help page for more details.
If your domain's default sites visibility is set to private, and your administrators do not want to change that, you still have another option: you can share a site with a group instead of individual users. Any users added to the group later will inherit group's access to the site (or their individual level access, whichever is higher; i.e. if a group has "view" access, but individual user in the group has "edit" access, they will be an editor). Google Apps administrators can create domain-wide groups which include all users in a domain. If your domain has such a group, just add the group as editor to the site using .addEditor('groupemail#yourdomain.com') method to allow all users in your domain to edit the site. Otherwise ask your Google Apps administrator if they can create such a group.
I am currently using MediaWiki as a documentation website, with login authenticated by LDAP.
However, we have hit a snag. Certain pages contain sensitive information. For example links that say "click here to log in". I would like to be able to protect certain pages from being edited by just anyone. I would like to allow certain groups of users (like employees) to edit those pages.
How do I set up page protection by group in MediaWiki (if it is possible)?
This is well-covered in the MediaWiki docs:
In addition the page protection options Andy Lester linked to you can also setup site wide protection against account creation and anominous editing. See MediaWiki Manual:Preventing access