App Maker uses a Google Account when the app runs server scripts and when it makes API calls to Google Apps Script services (G Suite Services, Script Services, and Advanced Google services). The account that is used for running code is often referred to as the execution identity. App Maker can use the app user's account (the default value) or the account of the developer who publishes the app.
To protect your data, App Maker doesn't let you deploy an app as developer if the app includes the Drive Picker widget.
Set or change the execution identity
Apps run as the app user by default. Before you set a production deployment to run as the developer, test a limited-access deployment to make sure that you are comfortable with your account as the execution identity.
To change to the developer's account, or switch back to the app user's account:
- Open App Maker and open the app.
- Click Settings > App Settings.
In the Security section, locate Run app as and select User's account or Developer's account.
- If you select Developer's account, when you publish the app App Maker prompts you to authorize the app to run as you. The permission request lists the actions that the app can do as you, such as send email and connect to external (Google) services.
- If you select User's account, each app user must sign in with their Google Account. They can give permission for the app to call Google services on their behalf, such as send email, create files in their Drive, or add events to their Calendar.
When a user grants an app permission to their Google data, App Maker enforces the sharing settings on that data. For example, when a user grants an app permission to access their Drive files, other users can't access those files through the app unless the file owner shared those files.
The setting applies to any deployments that you publish from now on. Existing deployments aren't automatically updated. To apply the new execution identity to existing deployments, republish the deployment.
Execution identity best practices
- Run an app as developer only when required by the app workflow, such as when users need to create calendar entries in your calendar or send emails on your behalf.
- When you run an app as developer, manage your identity. For example, with some APIs you can use flags that conceal or obscure, such as the noreply flag for
- Before you run an app as developer, test the app with another user's account to ensure that the app works as expected and you are comfortable with the data that you share.