Application Settings

Go to this page to manage application-wide settings. You can:

To change settings, open an app and click Settings settings .

App Settings

Description

Use the description to describe the purpose of the application. You can any other information that might be necessary.

App Start

Home page

Use this setting to specify which page loads when a user opens your app.

App startup script

Enter a script to run when a user initially loads your app. App Maker runs the script before it opens the home page. For example, you could use a script to preload data before displaying the UI, or you could open a different home page based on the user. By the time this code runs, all external libraries have been loaded, so you can use them in this script.

For example, your app might store a preferred starting view for each user in a user preference record. The following sample script pauses app loading (with loader), retrieves the preferred start view by loading the datasource, then resumes loading the app and opens the preferred view. If you don't suspend loading the app while you load the datasource, the app loads as soon as the script finishes and doesn't wait for the asynchronous results from the datasource.

var datasource = app.datasources.MyUserDatasource;
// Stop app from loading until the datasource loads.
loader.suspendLoad();
datasource.load(function() {
    app.showPage(datasource.item.StartView);
    // Continue load now that data is loaded and view is set.
    loader.resumeLoad();
});

External resources

Use the fields in this section to specify:

JavaScript URLs

Add any JavaScript libraries you need to load along with your app. The libraries are specified by the URL where they are hosted. Conveniently, Google hosts several of the most common libraries. Note that the order in which the libraries appear in the list is the order in which they will be loaded, so libraries should appear after all of their dependencies, if they have any.

CSS URLs

Add a URL if your app uses custom CSS to override App Maker's default style.

Apps Script libraries

Add an Apps Script library to your app to use functions that are associated with the selected object in your scripts. Note: Code completion isn't available for imported libraries.

To add a library, you need the script ID, version, and object.

Security

Use access roles to control how other users interact with your app after you've published it. You can control:

  • Who can use the application.
  • Who can access specific pages and modify records in your models.
  • (Admins only) Who can publish deployments. You can't remove the admins role.

Security workflow

The basic workflow for controlling app security:

  1. Add roles in Settings settings chevron_right App Settings chevron_right Security.
  2. Add the roles to the individual pages and models that need protection.
  3. Add people to the roles when you create a new deployment.

More about access roles

You can specify your own roles, which by default have no permissions assigned. Permissions are currently assignable for model and relation modification events, view access and service datasource execution. This allows you to specify the ways that groups of people can interact with a model, for example, you may specify that only the Admins role can modify a record, or you could create your own role, for example a role named Manager, and give them create permissions on all your models. See Model Permissions for more information.

It's important to note that the model permission settings are the security gatekeeper to your application's data. This means that you can't rely on the UI to prevent a malicious user from accessing, and even editing, your data. For example, to create a secure "registration form" type application, you'll need to specifically limit who can read and modify the data in the model permission settings, even if there is no UI that provides this access to the data.

Note that you can only create or delete roles in the App Maker editor. You must wait until you publish your application to specify the members of these roles. This allows you to publish multiple versions of your application with different permissions. For example, the published production version of your application might have only you as the administrator, while the test version might have a set of trusted developers and testers in the Admins role. It also makes permissions more flexible, allowing you to modify role membership on a published application without requiring you to update the content of the application.

Each member you add must be an email address for an individual account or a Google Group. They can be set when initially publishing an application, and updated later by editing the application deployment's settings.

In scripting, you can access all the roles that the current user of your application is a member of using the user.roles parameter. This is available on both the client and the server.

Because role membership is specific to published applications, they do not exist during preview. When you preview, the user will have all permissions. In order to test permissions, you will need to publish a test deployment of your application and specify role membership.

Allow Apps to be Embedded

You or others in your organization might want to embed an app in another web site. Some of the benefits of embedded apps include:

  • You can integrate apps with sites that are already familiar to your organization's users.
  • You can conceal the long, complex URLs currently used to host published apps.

Most web sites with google.com URLs can embed an App Maker app. Sites with non-Google URLs require permission from an app administrator:

Type of Site Admin permission required? Notes
Non-Google web sites Yes Could introduce clickjacking vulnerability.
New Google Sites with google.com URL No Enabled by default.
New Google Sites with custom URL Yes
  • Site author can preview embedded app because previews are hosted on Google infrastructure.
  • App is blocked on published pages until app admin enables embedding.
Classic Google Sites Yes Can be embedded in an iframe gadget.
Sites or apps with scripts.google.com URL No Enabled by default.

Security Vulnerabilities

If you enable embedding, anyone who has access to the app can embed it in a site they control. This can lead to a type of web attack known as clickjacking. There are methods available to defeat clickjacking, but you should avoid making dangerous operations available in an app that can be embedded. If this is unavoidable, your app should provide a warning or a visible indicator before the user performs actions like entering personal information or deleting data.

Enable embedding

Click the checkbox in Settings settings chevron_right App Settings chevron_right Security to make your app embeddable.

Preferences

The Preferences section controls several UI and scripting settings.

Viewport resolutions

You can create, edit, and delete custom screen sizes that control the view in the page editor. When you set the device resolution in the page editor, you see how your app renders on a screen of that size.

To add a screen resolution, click Add Resolution. Enter the name of the resolution and the dimensions, then click Add.

To edit and delete screen resolutions, point to the resolution that you want to edit or delete and click Edit mode_edit or Delete delete.

App Language

App Maker apps currently support one language per app. English is the default language. UI text strings, messages, number formats, and date formats are appropriate for English.

If you change an app’s language to a different language, then users will expect UI text strings, messages, number formats, and date formats to be in the other language.

Some UI strings are available to the app developer in widget properties. As the app developer, it is your responsibility to localize the strings in the app’s language.

Some UI strings are not available to the developer for manual localization. App Maker customizes those strings automatically. App Maker also customizes number formats and date formats automatically.

App Maker automatically localizes these widgets:

  • Date boxes: Date format
  • Google maps: UI strings
  • Charts: Number formats and date formats in table, line, pie and bar charts
  • All widgets: Number formats and date formats in bindings for all bindable properties
  • Forms: Validation messages

Time zone

This setting controls the time zone used by the server. Client scripts use the time zone reported by the user's browser.

Favicon URL

Enter the location for the favicon you want your app to use when it's deployed.

Advanced Google Services

Call APIs for Advanced Google services from your app. To use advanced services, add them in App Settings. All Advanced Services that are available in Apps Script are available in App Maker.

You don't need to add built-in Google services.

Add advanced services

  1. Click Settings settings chevron_right App Settingschevron_rightAdvanced Serviceschevron_rightAdd Service.
  2. Select boxes for the services you want to add and click Add.

Call advanced services

Call advanced services from server scripts in the same way that you call other Google services. Server scripts run in JavaScript as Apps Script scripts.

Tutorial 4 teaches you about calling APIs in server scripts from App Maker.

Remove advanced services

  1. Click Settings settings chevron_right App Settings.
  2. Under Advanced Services, hover over a row for a service and click delete.