I created a Google Apps Script project that is published as a WebApp visible for anyone, running as the accessing user.
This WebApp includes a Library project, which has methods to access ScriptDb as following:
function getDb() {
return ScriptDb.getMyDb();
}
function save(props) {
return getDb().save(props);
}
I intend to have one WebApp running per accessing user (using time-based triggers to access Gmail), however I would like to use the ScriptDb to store data independently from the user running the WebApp.
So I thought the chapter Centralizing a Place to Get a Database Instance from the Google Apps Script Documentation applies here, however I am getting the following error when accessing the WebApp:
You do not have access to library MyDBLibrary, used by your script, or it has been deleted.
Am I doing anything wrong? Was ScriptDb not intended to run independently of the user, when being accessed from a WebApp?
Joscha - you have the set up right and I reproduced everything you've reported. The last thing you were missing was to the share the Library project itself to the public.
The way to do that is to
1. Open the Library project in the script editor
2. Go to File -> Share
3. In the "Who has access" section, set it to anyone with the link can View (dont need edit).
Without this, Apps Script will now know its ok to serve the library code to the public. Hope this helps.
You may need to turn on development mode flag to make it work.
Here's what I did.
User A: Created a Master spreadsheet and created an app script and saved it with version 1.0.
User A: Gave access to this sheet to user B so they can use the common app script.
User A: Gave project access key to user B.
4.User B: Created a spreadsheet and added resource library with project key.
User B: Selected version 1.0.
User B: Turned on development mode.
Note: if I follow steps 1 through 5, then I still see the same error saying I don't have permission or the script has been deleted. However, also doing step 6 will resolve the error and allow you to use the shared script.
Related
I create Library in my app script and share it by another spread sheet and work fine.
now I share this spread sheet by another google account but not working in the library section give me error: You do not have access to library *********, used by your script, or it has been deleted.
I try to add the Script ID in another account to find library but give me this error: You do not have access to library *******, used by your script, or it has been deleted.
Any help about that pleas.
You need to share your Library (or your script and sheet if it is a bound script) to your users from script.google.com. This should appear when you click on the menu option (...) beside your deployed library/script.
This should give other accounts permission to access your Library.
Reference:
Libraries
If you want one or more methods of your script to not be visible (nor usable) to your library users, you can end the name of the method with an underscore. For example, myPrivateMethod_().
Resource scoping.
There are two types of resources: Shared and Not-Shared.
Please read this for more details - https://developers.google.com/apps-script/guides/libraries
I'm creating forms on demand and i need to be able to set up the triggers. If i do it on the main AppsScript script that is handling the forms creation, i'll hit the 20 triggers max quota pretty soon. So i decided to add a dedicated script to every form (associating with parentID) so i won't hit the quota.
My problem is that when i try to add the triggers i'm getting permission denied since the scripts created for each form are using a default GCP project and it needs to be a standard GCP project due to OAuth.
I can add the project number manually, but that kind of defeats the idea of being able to generate google forms on demand.
I want to be able to link the script created with the standard GCP project that is already configured, but i just can't find anything on Google's documentation, i know its a long shot but i've decided to post here in hopes that someone that had the same problem managed to do so.
As requested on the comments below, the triggers that i'm using are:
onFormSubmit - get the response and send it to my endpoint in the backend server
onOpen - ensures that the editor hasn't removed anything default (this only works when an editor opens the form in edit mode)
This is the project number im referring to.
Thanks
Why am I not able to give permission/authorization to a Google Apps Script that I also made using the same Google account?
It seems like Google doesnt trust myself to use my own Google Apps Script with my own Spreadsheet.
Here is the line of code that breaks everything. If this line doesnt exist, I'm not asked for permission.
var sheet = SpreadsheetApp.getActiveSheet();
So it's trying to access the spreadsheet that created this Google Apps Script, also made using my account but I cant grant permission.
When I run the line of code above, I am told I need to give permissions, so I do by selecting the account name I am already logged into. I am greeted by this error,
This app isn't verified
which unfortunately does not provide competent documentation to troubleshoot.
Any feedback or help would be much appreciated! Thanks!
Click on the "Advanced" link and you'll be able to authorize your script.
To reduce the scope of permissions you request, you also have the option of declaring your script project to be only able to interact with the bound document:
/* #OnlyCurrentDoc */
function myFunction() {
...
This declaration is incompatible with some methods (such as SpreadsheetApp.openById()), and using an incompatible method results in an error in the application execution.
Successfully adding it to your project is generally sufficient to remove the "This application is unsafe" layer of the authentication flow, meaning the authorization and permission list is not hidden behind the "Advanced" tab.
In addition to declaring as current document only, manually editing the requested scopes of your project in its project manifest can help reduce the perceived threat from an unverified application (for example, retaining only the "read_only" version of certain scopes, where applicable). Apps Script documentation offers more details on project manifests.
I'm hoping to automate some HR work by running a Google App Script via the Execution API. Without getting too much into the details, I'd like to pass employee evaluation data as a parameter into the App Script. The script will then use this data to compile an "Employee Review" GDoc.
So far, I have ran a simple test App Script using the Execution API. For example, I can successfully run a simple function which logs a string or interacts with spreadsheets. So far so good.
But I run into problems when trying to write to a GDoc (which is unfortunately integral to my task). Here's my paired down script:
// TODO: Eventually, we'll pass these variables as arguments
var docId = "MY-DOC-ID";
// Find the team member review doc
var doc = DocumentApp.openById(docId);
// Replace placeholder text
var docBody = doc.getActiveSection();
docBody.replaceText('{{DATE}}', "Date set by App Script!!!");
doc.saveAndClose();
This script works when I press the "Run" button in the App Scripts web UI. But when I try to run via the Execution API, I get:
{
"error": "unauthorized_client",
"error_description": "Unauthorized client or scope in request."
}
So apparently I haven't provided the correct scope? Following the docs, I can find the necessary scope(s) in Project Properties > Scopes which says:
But when I try adding that scope, it wont work. As I said other scopes (e.g. https://www.googleapis.com/auth/spreadsheets) work just fine. Perhaps the auth/documents scope is no longer supported or there's a bug in their API?
Questions
What is the correct scope? I can see a big list here but I don't see https://www.googleapis.com/auth/documents, so?
Any other suggestions? For example, is it possible to write to a Google Doc using the Google Client API directly (i.e. without using App Scripts)?
Doh. I figured out the solution to my problem. While it was a dumb mistake, it's nevertheless worth posting as it may save others confusion in the future.
First, a little context about my setup. I'm authenticating to the Google Client API using a Service Account. Furthermore, as is common when using a service account setup, I am impersonating a user within our organization (specifically my own account).
My missing step (obvious in hindsight)...
Log into the App Script web UI as the person you are impersonating.
Manually run the script by pressing the play button
If the impersonated user has not already granted permissions to access the required scopes, you will be prompted to do so.
After granting access (specifically for the https://www.googleapis.com/auth/documents scope), my authorization error disappeared.
So the lesson: Make sure the account you are impersonating has granted access for all the scopes which your script requires.
I have a Google spreadsheet with a script that connects to BigQuery (using this tutorial - https://developers.google.com/apps-script/advanced/bigquery?hl=ar-AE).
It adds an extra menu option and users can run the script that executes a query to BigQuery.
It works fine for me and I want to share this spreadsheet with other users (who don't have access to BigQuery itself) and allow them to run my script. When I do it, first they get script authorisation dialog and are able to run the script after that. But BigQuery returns error:
Exception: Access Denied: Job XXX:job_NaMBWMRfbMHygS1n10AQXXXX: The user does not have permission to run a query in project XXXXX
I tried deploying the script as a web app and set it to execute under my account but it didn't change anything.
Is there any solution or workaround?
Unfortunately you can only allow access to scripts running as 'you' if it is running as a web app. The only way to run it as a webapp is if the doGet()/doPost() function is called by the browser. Running the doGet() as a function runs it as a normal script.
You can give access to run queries using the project access controls in developers console. Check out:
https://cloud.google.com/bigquery/access-control
The other option is to use the Oauth2 library and store your personal token in the scripts properties. You then can rewrite your script to use the BigQuery REST interface. There is a template for this at:
https://github.com/googlesamples/apps-script-templates/tree/master/sheets-import
The best way that I found is to simply change the configuration of the file appsscript.json. You can find by acessing View > Show project manifest. There you will find an option to change the option executeAs and if you change to USER_DEPLOYING the web app always will run as the person who deployed and most likely have the access to the BigQuery project. You can find the source of the documentation here: https://developers.google.com/apps-script/manifest