How to run certain scripts under the authority of a specific user?

by

Probably the easiest way to do this would be to avoid using a button and using a checkbox with a installable edit trigger, which also has a great side effect of mobile support.

Proposed solution:

  • Using a checkbox
  • Hook it to a installable edit trigger, which runs as the user who installed the trigger. Therefore, if the owner installs the trigger, no matter who edits the sheet, the trigger runs as the owner, giving access to privileged resources including protected ranges.

The installable version runs with the authorization of the user who created the trigger, even if another user with edit access opens the spreadsheet.

Notes:

  • Advantage:

    Code simplicity and maintainabilty. No need for webapp or any complicated setup.

  • Disadvantage: Security (with possible workaround)

    If the code is bound to the sheet, editors of the sheet get direct access to the script of the sheet. So, any editor with malicious intentions would be able to modify the code. If the function with installable trigger has gmail permissions, any editor would be able to log all the emails of the owner. So,special attention needs to be paid to permissions requested. Note that, this is already the case with your web app setup. Any editor maybe able to modify doGet to access protected data. If the webapp is in a separate standalone script, this isn’t a issue. You may also be able to fix this issue by setting the trigger at a predetermined version instead of Head version. See this answer for more information.

More Related Contents:

  1. Long processing time likely due to getValue and cell inserts
  2. Why do we use SpreadsheetApp.flush();?
  3. Convert column index into corresponding column letter
  4. Merging or Combining two onEdit trigger functions
  5. How to poll a Google Doc from an add-on
  6. How to read the correct time/duration values from Google Spreadsheet
  7. Google Spreadsheet Script – How to Transpose / Rotate Multi-dimensional Array?
  8. How to copy a row from one google spreadsheet to another google spreadsheet using google apps script?
  9. Emailing Google Sheet range (with or without formatting) as a HTML table in a Gmail message
  10. How much faster are arrays than accessing Google Sheets cells within Google Scripts?
  11. Google Sheets add-on: Set anonymous/dynamic functions to Menu using Google App Script
  12. Google Apps Script toast messages don’t appear for anonymous editors
  13. Synchronize independent spreadsheet rows, filled by IMPORTRANGE()
  14. How to speed ​up the search data in sheet
  15. How to Autofill last row with formula, when data is received from IFTTT on the last row?
  16. Scraping data to google sheets from a website that uses JavaScript
  17. How to Transpose / Rotate Multi-dimensional Array?
  18. How to allow access for importrange function via apps script?
  19. How to fix ‘TypeError: Cannot call method “getRange” of null’ in Google Apps Script
  20. Set anonymous/dynamic functions to Menu
  21. To exceed the ImportXML limit on Google Spreadsheet
  22. How do I replace text in a spreadsheet with Google Apps Script?
  23. How to make onEdit() trigger function apply to multiple sheets
  24. Google apps script: how to persist data in spreadsheet between different function calls?
  25. Google Script: Play Sound when a specific cell change the Value
  26. Failure of calling Google App Script onEdit function many times in a second
  27. Add timestamp to named column in Google Spreadsheet onEdit script
  28. What are some use cases for SpreadsheetApp.flush()?
  29. google script detect empty cell after edit or delete
  30. Converting Google spreadsheet date into a JS Date object?

Leave a Comment