I'm using Google Apps Script to run an encryption on data in a spreadsheet. It's working fine, but that handy revision history in the spreadsheet makes it a bit of a moot point as you can simply view a version prior to the encryption.
Is there a way to delete revision histories, or to simply keep them from being created altogether?
No.
The Drive API for accessing revision history specifically does not delete entries on Google sheets.
Something to note: revision history is only viewable by those with edit rights. View or comment only rights cannot see revision history.
One solution is to have users submit data to a very narrowly shared sheet via Google Forms and set up a trigger to copy the non-sensitive meta/aggregate data that you are leaving unencrypted to a more public sheet for access by untrusted users and scripts. The cell formula IMPORTRANGE() would also work; it gets access permission from the person entering the formula and can therefore move data from a restricted spreadsheet to a less restricted one without compromising the original sheet.
A second solution that is slightly more cumbersome, but closer to your ask, is to provide users and external scripts with access to a Drive folder containing the sheet. With the ID of the folder, scripts can then search for the sheet by name via the Drive API; users use their eyes to find it by name. Your encryption script, once done encrypting, copies the spreadsheet using SpreadsheetApp.copy(name), which will copy all of the formulas, formatting, data, even scripts, but not the revision history. Pass copy() the same name as the original sheet; Drive file names do not have to be unique. Use the Drive API to move the new spreadsheet to the folder; it should inherit the sharing of the folder by default. Again with the Drive API, delete the original spreadsheet. Because all users and scripts were looking for a file named X in a specific folder ID, everything is still exactly where they expect to find it, but the revision history is gone.
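The copy-and-swap procedure from the answer above, as an added Apps Script sketch that is not part of the original answer. The function names and the injectable `svc` parameter are assumptions made so the logic can be exercised outside Apps Script; the copy gets a new file ID, so only name-based lookups in the folder keep working.

```javascript
// Added example (Apps Script, V8 runtime). Function names and the `svc`
// parameter are illustrative assumptions, not code from the original post.
function swapForHistoryFreeCopy(fileId, folderId,
    svc = { sheets: SpreadsheetApp, drive: DriveApp }) {
  const folder = svc.drive.getFolderById(folderId);
  const original = svc.drive.getFileById(fileId);
  const name = original.getName();

  // Consumers locate the sheet by name inside this folder, so the name must
  // resolve to exactly one file (the original) before the swap.
  const ids = idsByName(folder, name);
  if (ids.length !== 1 || ids[0] !== fileId) {
    throw new Error('Expected exactly one "' + name + '" in folder, found ' + ids.length);
  }

  // Spreadsheet.copy(name) carries data, formulas, formatting and bound
  // scripts, but not the original's revision history.
  const copy = svc.sheets.openById(fileId).copy(name);
  const copyFile = svc.drive.getFileById(copy.getId());
  copyFile.moveTo(folder); // the copy inherits the folder's sharing

  // Retire the original only once the copy is in place. A trashed file
  // keeps its revisions until it is permanently deleted from the trash.
  original.setTrashed(true);

  return { oldId: fileId, newId: copy.getId(), name: name };
}

// Collect the IDs of all non-trashed files called `name` in `folder`.
function idsByName(folder, name) {
  const out = [];
  const it = folder.getFilesByName(name);
  while (it.hasNext()) {
    const f = it.next();
    if (!f.isTrashed()) out.push(f.getId());
  }
  return out;
}
```

Run it only after the encryption pass has finished, so the copy never contains plaintext.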
Unfortunately Google Apps Script doesn't provide a method to remove items from the revision history.
Copy the whole spreadsheet, restore to the first version, and then paste the spreadsheet :)
For Google Documents I managed to get rid of the revision history by making a copy of the document. Not sure if that will work for spreadsheets too.
I own 2 spreadsheets. One Master and one template.
On Master, I add patients and create a new spreadsheet for this client as a copy of the template. At this moment I give the client Edit access to this file.
This worked fine. But now I have to add staff and each of them needs Edit access to each copy of the template and Read access on the master.
Staff members come and go. I wonder what is the best way to simplify authorization.
Now I loop through all files and give/revoke for each document. This is not performing in the long run.
Can I apply permission to a folder, or to a group, and just add/remove staff to this security group? I'm new to Google Apps Script, hope you can show me the right path.
EDIT: Now I'm here
I need staff member to have access to view the master and edit any of the copies of the template. Also, I need people from outside the organization to have access to edit their own copy of the template.
I'm not sure how to proceed.
Also, I develop all this under my own Gmail account, now I have to move this into the orbit of the organization. What are the steps?
In your case, the easiest might be to create a Google Group and share your spreadsheet with it.
When the staff members "come and go" you can simply add and remove them from the Google group and do not need to touch the spreadsheet's sharing settings.
Btw, when you create a copy of your spreadsheet programmatically, you can retrieve the editors of the current spreadsheet with getEditors() and assign them to the copied spreadsheet with addEditors().
I would like to allow users to use my spreadsheet but not copy it as it contains intellectual property. I tried going to sharing settings and disabling:
Editors can change permissions and share
Viewers and commenters can see the option to download, print, and copy
But the sheet can still be copied. Ideas?
Unfortunately, it is not possible to disable copy / download for editors.
You can only do that for commenters and viewers.
As a workaround, I would advise you to keep your sensitive information in one master file and then importrange or copy via a script the shareable information into another file. So even if they copy or download the latter, your sensitive information won't be copied / downloaded.
Related questions:
How to disable copy/ download access for editors in google sheets
Prevent editors from downloading the file
Disable download & Copy to Option in Google Spreadsheet
I think the simplest solution would be to copy and paste from the master file the range of values you want to share with the other document. In this scenario the editors of the other document won't have access to either the code or the full data of the master file, since the latter won't be shared with them.
The copy and paste part can be done automatically via a script and a trigger mechanism to update the data automatically so you won't have to do anything manually and the master file won't be exposed to any user.
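One way to script the master-to-shared copy described in the two answers above, as an added Apps Script example that is not from the original posts. The file IDs, the sheet name `Data`, the header names and all function names are placeholders; the export is an allow-list, so a column added to the master later is never published by accident.

```javascript
// Added example (Apps Script, V8 runtime). IDs, sheet name and headers are
// placeholders/assumptions, not values from the original posts.
const MASTER_ID = 'PLACEHOLDER_MASTER_ID'; // master file, not shared with editors
const SHARED_ID = 'PLACEHOLDER_SHARED_ID'; // the file editors are given
const ALLOWED_HEADERS = ['Region', 'Month', 'Total']; // columns safe to publish

// Keep only allow-listed columns, in allow-list order. Columns not on the
// list are never exported; a missing allow-listed column aborts the sync.
function projectColumns(values, allowed) {
  if (values.length === 0) throw new Error('master sheet is empty');
  const header = values[0].map(String);
  const idx = allowed.map(h => {
    const i = header.indexOf(h);
    if (i === -1) throw new Error('allow-listed column missing: ' + h);
    return i;
  });
  return values.map(row => idx.map(i => row[i]));
}

// Copy the allow-listed view from the master into the shared file.
// `app` is injectable so the logic can be tested outside Apps Script.
function syncSharedView(app) {
  const src = app.openById(MASTER_ID).getSheetByName('Data');
  const dst = app.openById(SHARED_ID).getSheetByName('Data');
  // getValues() returns computed values, so master formulas are not copied.
  const out = projectColumns(src.getDataRange().getValues(), ALLOWED_HEADERS);
  dst.clearContents();
  dst.getRange(1, 1, out.length, out[0].length).setValues(out);
  return out.length; // rows written, header included
}

// Trigger entry point: triggers pass an event object as the first argument,
// so the service is bound here rather than taken from the arguments.
function runSync() {
  return syncSharedView(SpreadsheetApp);
}

// One-time setup, run by the master's owner: refresh the shared file hourly.
function installSyncTrigger() {
  ScriptApp.newTrigger('runSync').timeBased().everyHours(1).create();
}
```

The script lives in a project only the master's owner can edit; editors of the shared file see values, never the master's ID-bound formulas or the hidden columns.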
There isn't any sure way to hide your data. Once something is published on the internet, you should consider it saved on many devices all over the world. Consider some ways to get hidden spreadsheet data:
Attack scenarios:
By far the easiest way is Ctrl+C and Ctrl+V (Copy and Paste)
Editor menu options: File->Copy and File->Export
Once your file id is visible, any editor or even viewer with access to the file can easily copy the file itself through
Url manipulation: Adding /copy at the end instead of /edit
google-drive-api: File:get and File:copy
google-sheets-api: Useful to directly get data as json
google-visualization-api: Can get data as html, csv or json (google query). See endpoints
Screenshot and use OCR(Optical character recognition)
View source code in the browser and directly copy the table
web-scraping Simulate browser using selenium
Hiding data:
Data may be hidden from naive users. Data cannot be hidden from users, who know the basics of how the web works.
Add ?rm=minimal to the url when sharing the sheets file. This hides all menu options. See here
Frame the editor in an iframe in your own website and use css to hide the top portion of the web page.
Hiding Logic:
You may still be able to hide logic of your code.
IMPORTRANGE: This is a very basic and easy way to hide your logic. But there are limitations and any editor can access any part of your master spreadsheet.
You can implement a IMPORTRANGE like logic using custom functions and webapps. This gives more control over the connector and secures your master spreadsheet much better than IMPORTRANGE. Here,
Two web apps are created, each associated with a spreadsheet(Master and client).
You use two KEYs to communicate between them. One for access and other for encryption.
Once access is verified, the data from master spreadsheet is encrypted and sent back to the custom function. Simultaneously the encryption key is posted to the client webapp.
The key here is the Master/Server webapp posts the encryption key only to the published client web app link. So, no other sheet or anything else can intercept the key or decrypt the data. Furthermore, a random key is generated for each access.
Another option is to let go of the spreadsheet completely and use a single webapp to show the data. This hides the logic in server scripts and linked spreadsheets.
Comment thoughts:
Create a script onOpen to kill sheets if the file is wrong?
onOpen cannot post data anywhere without the new copy owner's permission. It's not possible to kill sheets. But data can be erased.
/**
 * Deletes all sheets on the copy, if a copy is made
 */
const onOpen = () => {
  const ss = SpreadsheetApp.getActive();
  const id = ss.getId();
  if (id === '###Original ID###') return; // original file: leave it untouched
  const sheets = ss.getSheets();
  // A spreadsheet must keep at least one sheet, so add a blank one at the end
  ss.insertSheet(sheets.length);
  // Remove every sheet that existed before the blank one was added
  sheets.forEach(s => ss.deleteSheet(s));
};
But an editor can modify the original script before making a copy. And a revision of the original spreadsheet will still be available. The new owner can revert to the original version, use api endpoints mentioned above to get the data. Also mobile apps don't support onOpen. New owners can simply use mobile versions to access data.
Use formula web-app to notify file owner?
Possible, but data is already copied and there's no specific information that can be used to accurately identify the new owner. You may be able to get locale information though.
I have written a Google Spreadsheet script which reads data from a user provided CSV file, populates a sheet with the data, makes a copy of the spreadsheet with a different name, and provides a link for the user to click to see the new spreadsheet. After making the new copy, the original spreadsheet is then cleared of user data and restored to its original state so other users can use it.
I want to share this spreadsheet with the workgroup (several hundred users), but I don't want them to be able to modify either the sheet or the script. If I share it read-only the script won't run, but to get the script to run I have to allow users edit capability and that is a bad thing.
I have googled myself silly trying to find a direction in which to go, but I am still wandering in the wilderness.
Can any of you point me in the right direction? If I need to be more specific or provide more information I will be glad to do so.
Thanks,
Larry
P.S. Other questions of note:
o Is it possible for an app-script in a spreadsheet to make the new copy active and 'close' the original shared spreadsheet?
o Can the user be made the owner of the new copy?
There is the option to put the code that you don't want modified, into a Stand Alone Apps Script file, then use that code as a "Library" in your script bound to the sheet. You can set the permissions on the Stand Alone Apps Script to VIEW only. That will keep people from changing it. When you share the Apps Script file with the users, they will get an email notification. So, they'll have the URL to the file, and can view it, but they can't edit it. (If you set it to VIEW only)
So, you'll be using both your spreadsheet file, and an Apps Script file. Two files, and setting the sharing to VIEW only on the Apps Script file. You can still give people EDIT access to the spreadsheet.
You'll need to go through a process of making the function available to your spreadsheet. This is called a "Library", but don't pay much attention to that name when creating the file.
Create a Stand Alone Apps Script
Create the function you want to share.
Get the Project Key --> FILE, PROJECT PROPERTIES
Share the Apps Script file with users you want to give access to, but only give them VIEW access to the file. NOT Edit.
Give the Project Key to the user, (In this case that's just you.) and have them add the library, or if you have access to the spreadsheet, you can probably add the key yourself. So, in your case, you will not be sharing the Project Key with anyone. You don't need to.
In the script file that is bound to the spreadsheet, click the RESOURCES menu, and the LIBRARIES menu item.
Enter the Project Key
Click SELECT button, and turn the library ON.
Make sure to set the library Identifier to a key word you'd like to use.
Go to the code editor, create a function, and type the Library Identifier.
All the functions that are available from the Library will show up
Google Documentation - Gaining Access to a Library
Keep in mind, that creating a library is nothing more than writing code in an Apps Script in a stand alone Apps Script file. If you've done that, then all you need to share is the Project Key. The user of the Library won't see a list of all the available Libraries when Resources, Libraries is opened. You need the Key.
I have been trying all day and I found this:
http://www.jellybend.com/2012/12/19/monitor-google-drive-folders-with-google-apps-script/
The attached script worked only partially for me. It doesn't respond to changes to the subfolders even though there are files inside the subfolders (e.g. rename/delete the subfolder). It also seems to have errors if I delete and re-add the same file to the folder again; it just doesn't email me for the newly added "old file".
I also found this:
https://developers.google.com/drive/v2/reference/changes/list#examples
but unfortunately I am not really sure what those parameters are and I am just inexperienced in writing something like that.
Any help will be greatly appreciated! Thanks!
The file monitoring code at that link, is an Apps Script bound to a Sheet. An Apps Script can be bound to a Sheet, Doc, Form or Site. An Apps Script can also be a stand alone application. So, any code you may want to write, does not need to be in a spreadsheet.
An Apps Script can be set up to have a Time-driven event trigger.
There is also a Script Service to build Clock Triggers.
ClockTriggerBuilder Class
Using Time Driven Event Trigger, or a Clock Trigger you could use the getSize() method to return the amount of disk space used by the item:
Class - Folder - getSize Method
// This example logs the first file's size in bytes
// Note: This can also be used on a folder to get the size of its contents
var file = DocsList.getAllFiles()[0]; // getAllFiles is a method and must be called
Logger.log(file.getSize());
Of course, you would need to know what the original size of the folder or file was, and so you would need to store the current size somewhere. You could create a file for storing that information, or use the built in database that Apps Script has.
For storing your historical folder or file information you could use ScriptDB.
ScriptDB
Quote:
ScriptDB is a JavaScript object database for Google Apps Script. Each script project gets a database, which the script can use to save, update, and search JavaScript object data.
You could write historical file and folder info to a spreadsheet or document also.
Depending on who owns the file, and who is accessing the file, permissions would need to be granted, or you'd need to use oAuth2 to authenticate who has access to the file and folder information.
If you can't write all the code yourself, you could set up a shared Apps Script file, or find some other way to have people collaborate on the project.
I've been researching this on my own for some time and came up with a script bound to a spreadsheet as well. Hope it can help someone, as it seems that a lot of people are looking for something similar. My script is monitoring a folder and sends notification to all the current viewers of the folder as soon as there is new file added. Trigger to run the script could be set depending on the needs of the user. In my case hourly worked just fine.
Spread Sheet with the script: https://docs.google.com/spreadsheets/d/1CzVADjUTT2d9Y5OGDOnv37mCaO49kPt4RmnyZgzjTKA/edit#gid=0
If you would like to try this script just make sure you are logged in with your google account when you open the link and you should be able to make a copy of the spreadsheet.
This Google Script will send an email notification to you or other email addresses when a file in a Google Drive folder has been added, renamed, changed, or modified. http://baumbach.com/google-script-2/
Does anyone know if it would be possible to set up a script on my Google account that triggers when a new item is shared to the email and then automatically shares it with another email address?
I use a personal Gmail account, but whenever I do school work documents are always shared with my school email and it is a pain to have to share everything manually or keep switching accounts.
When I looked a few weeks back I was unable to find a way to have a script trigger on new shared items, but I am new to these scripts so if anyone has a suggestion I would appreciate it. Thanks!
I don't think you can actually trigger on new items. But you can write a script to read the Drive feed to easily check if there are new files.
Such script would still have to be triggered on a time-driven basis, so you wouldn't have "instant" access on your second account. Also, if I'd write such script, I would just create a folder, share it with the desired accounts, then use the script just to move the files to this folder. This approach has the benefit of easily allowing you to check which files are shared (with your specific account) and which aren't. And since folders are actually just labels in Drive, it is not any problem if you like or need to have your files organized in another folder structure.
By the way, have you seen Chrome users feature? It helps a lot when working with multiple accounts.