0

I am trying to create a web app which will use Google Sheets as its backend. I want to enable users to access the web app and perform read/write operations through the web app only. I do not want those users to have access to the Google Sheet, as I want to limit the data they can read through the web app. I tried using `USER_DEPLOYING` as the "execute as" setting, but when doing so I am not able to get the email of the person who is using the web app. Is there any way to achieve what I am trying to do?

Abhishek Rastogi
  • You should be able to access that. Could you please give more details on `I am not able to get the person's email who is using the web app`? What are you getting instead? Any error? – Iamblichus Jun 11 '20 at 08:30
  • No, I am not getting any value there. Stackdriver logs show it as blank. – Abhishek Rastogi Jun 13 '20 at 18:06

1 Answer

0

Issue:

For security reasons, if a web app is deployed to USER_DEPLOYING (that is, Execute the app as: Me) and the user accessing the web app (that is, the active user) doesn't belong to the same G Suite domain as the user under whose authority the script runs (that is, the effective user), the script does not have access to the active user's email.

The same will happen in any context in which the script runs without the user's authorization (simple triggers, etc.).

Explanation:

From the documentation on `getActiveUser()`:

> Gets information about the current user. If security policies do not allow access to the user's identity, `User.getEmail()` returns a blank string. The circumstances in which the email address is available vary: for example, the user's email address is not available in any context that allows a script to run without that user's authorization, like a simple `onOpen(e)` or `onEdit(e)` trigger, a custom function in Google Sheets, or a web app deployed to "execute as me" (that is, authorized by the developer instead of the user). However, these restrictions generally do not apply if the developer runs the script themselves or belongs to the same G Suite domain as the user.

Iamblichus
  • @kxm There is no workaround for retrieving the user's email when, for security reasons, you should not have access to it. That said, depending on your specific situation, maybe a workaround could be found. I'd suggest you post a new question explaining your situation if you think that could be the case. – Iamblichus Jan 29 '21 at 14:35
  • Thanks @Iamblichus. I just wrote my own login solution instead. It's not a high security application, I just need the user's email address to send them an email confirmation of their activity in the application. Thanks for the update, though :) – kxm Feb 03 '21 at 15:13
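
An added example (not code from the question or the answer) of handling the blank-email case described in the answer inside an "Execute as: Me" web app: it fails closed when `getEmail()` returns a blank string, so an unidentified visitor never matches rows whose owner cell is empty. The spreadsheet id placeholder, the tab name `Data`, the owner-email-in-column-A layout and the helper names `resolveCaller` and `rowsFor` are assumptions.

```javascript
// Added example for Google Apps Script; not code from the original post.
// Assumed layout: tab "Data", header row first, column A = owner email.
const SHEET_ID = 'SPREADSHEET_ID_PLACEHOLDER'; // placeholder, not a real id
const SHEET_NAME = 'Data';                      // assumed tab name

// Constructed sample of what getValues() would return for that layout.
const SAMPLE_VALUES = [
  ['owner', 'item'],
  ['alice@example.com', 'invoice-1'],
  ['', 'row-with-no-owner'],
  ['Bob@Example.com', 'invoice-2'],
];

// Normalise the caller identity. A blank value means Apps Script withheld the
// email (for example "Execute as: Me" with a visitor outside the domain).
function resolveCaller(activeEmail) {
  const email = String(activeEmail || '').trim().toLowerCase();
  return email === '' ? null : email;
}

// Return only the data rows owned by `caller`. A null caller gets nothing, so
// a blank identity can never match rows whose owner cell is empty.
function rowsFor(caller, values) {
  if (!caller) return [];
  return values.slice(1).filter(function (row) {
    return String(row[0]).trim().toLowerCase() === caller;
  });
}

// Build the JSON response body returned to the browser.
function jsonOut(payload) {
  return ContentService.createTextOutput(JSON.stringify(payload))
    .setMimeType(ContentService.MimeType.JSON);
}

// Web app entry point. Apps Script globals are only touched in here and in
// jsonOut, so the helpers above can be exercised outside Apps Script.
function doGet(e) {
  const caller = resolveCaller(Session.getActiveUser().getEmail());
  if (!caller) return jsonOut({ error: 'identity unavailable' });
  const values = SpreadsheetApp.openById(SHEET_ID)
    .getSheetByName(SHEET_NAME).getDataRange().getValues();
  return jsonOut({ rows: rowsFor(caller, values) });
}
```

Because the script runs as the deploying user, the spreadsheet itself does not need to be shared with visitors; only the rows returned by `rowsFor` reach them.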