Google Apps Script Web App with variable user permissions?

1
votes

When you create a Google Apps Script and then deploy it as a web app, is it possible to have any sort of permission levels for people who use it? I have deployed a web app for my company (who uses GSuite) so the web app is limited so only people with @company.com email address can access it.

But is it possible to have any other finer controls over permissions? For example have super users? Or any other type of group level permissions that you can control and thus restrict content in the web app depending on those permissions?

I know that you can assign custom roles to users in the G Suite administrative interface. Is it possible from within a Google Apps Script web app to query what roles the logged in user has?

1
google-apps-scriptpermissionsgoogle-workspace
I would say yes if yourself are a superuser without restriction. Otherwise you can store a list of users with their rights and pick the information from there, a kind of 2 step process. This would probably be easier to control by a human.At least that's how i do it.Serge insas

1 Answers

0
votes

Is it possible from within a Google Apps Script web app to query what roles the logged in user has?

Its possible to track/query and manage roles from a GAS Web App if you leverage the Admin SDK Directory API along with a service account that has domain-wide delegation of authority (DwDg) enabled for the Google Cloud Platform (GCP) project associated with the Web App script.

You'll have to side-step using Apps Script's built-in Advanced Google Service for the Directory API and do all the heavy lifting yourself using custom-generated OAuth2 tokens (this library can help with that) and UrlFetchApp calls since you'll need to call the API using the email of an admin within your company's GSuite domain (DwDg enabled service accounts allow you to do this even from a non-admin account).