Secure deployments and add users to roles

As a part of app security, when you deploy your app you set who can run the app and assign members to access permissions roles. App deployments also inherit some security settings from app settings.

The developer who deploys an app is the deployment owner. Deployment ownership isn't transferable, so consider who should deploy the app. Deployment owners have full access to app data.

You might want to use a shared admin account to deploy the app to avoid complications if the deployment owner leaves your organization. If you use this approach, change the password of the admin account frequently to prevent unauthorized access.

Control who can run an app deployment

By default, all users in your organization can run an app deployment if they have the link. When you deploy your app, specify users and groups who can run the app deployment. Users who can't run the app get a message that they don't have access to the app. You can edit these permissions after deployment.

To allow specific users and groups to run an app deployment when you publish it:

  1. In App Maker, open your app.
  2. Click Publish.
  3. Locate Application access and select Only allow access to specific users.
  4. Enter the email addresses of users and groups.
  5. Set other deployment settings, such as add users and groups to roles.
  6. Click Publish.
  7. Share the URL with users. If a user who isn't allowed to run the app tries to open the URL, App Maker returns the error message, "Sorry, you don't have access to this application."

To update permissions after the app is deployed:

  1. In App Maker, open your app.
  2. Click Settings chevron_right Deployments.
  3. Point to the deployment and click Edit.
  4. Locate Application access and select Only allow access to specific users.
  5. Enter the email addresses of users and groups.
  6. Click Save.

App Maker automatically republishes the deployment to update the permissions.

Add members to roles

If you use roles-based access control, add members to the roles.

  1. Open App Maker and open the app.
  2. Click Settings > Deployments.
  3. In the table, point to the deployment that you want to add members to a role, and click Edit.
  4. In the Users with role access sections, enter the email addresses of users or groups (Google Groups).
  5. Click Save.

App Maker republishes the app deployment. The republished deployment has the updated role membership.

Best practices for deployment security

  • Grant permission to run the app only to users who need to use the app.
  • Use groups to manage role membership so that you don't have to edit the deployment to update members.
  • Review role membership periodically to make sure that users have appropriate permissions. In particular, assess the members of the Admin role.