Apps Script determines the authorization scopes (like access your Google Sheets
files or Gmail) automatically, based on a scan of the code. Code that is
commented out can still generate an authorization request. If a script needs
authorization, you'll see one of the authorization dialogs shown here when it is
run.
Scripts that you have previously authorized also ask for additional
authorization if a code change adds new services. Scripts may not request
authorization if you access the script as a web app that runs under
the script owner's user identity.
Revoking access rights
To revoke a script's access to your data, follow these steps:
Visit the
permissions page
for your Google account. (To navigate to
this page in the future, visit Google.com, then
click your account picture in the top-right corner of the screen. Next, click
My Account, then Connected apps & sites under the
"Sign-in & security" section, and then Manage Apps.)
Click the name of the script whose authorization you want to revoke, then
click Remove on the right, then OK in the resulting dialog.
Permissions and types of scripts
The user identity that a script runs with — and thus the data it can access —
varies based on the scenario in which the script is run, as shown in the table
below.
Manual authorization scopes for Sheets, Docs, Slides, and Forms
If you're building an add-on or other script that
uses the Spreadsheet service,
Document service,
Slides service, or
Forms service, you can force the authorization
dialog to ask only for access to files in which the add-on or script is used,
rather than all of a user's spreadsheets, documents, or forms. To do so, include
the following JsDoc annotation in a file-level comment:
/***@OnlyCurrentDoc*/
An opposing annotation, @NotOnlyCurrentDoc, is available if your script
includes a library that declares
@OnlyCurrentDoc, but the master script actually requires access to more than
the current file.
Authorization lifecycle for add-ons
Add-ons for Google Sheets, Docs, Slides, and Forms
generally follow the same authorization model as scripts that are
bound to a document. In certain
circumstances, however, their onOpen(e) and onEdit(e) functions run in a
no-authorization mode that presents some additional complications. For more
information, see the
guide to the add-ons authorization lifecycle.
OAuth application user limits
Applications that use OAuth to access Google user data, including Apps
Script projects, are subject to authorization limits. See
OAuth application user limits
for details.
Re-authentication Behavior with Apps Script
Apps Script does not enforce the
re-authentication frequency that you
configure in your Google Cloud Services settings. This is because
Apps Script can run automatically using triggers, which operate
without direct user interaction. These automated executions don't trigger the
re-authentication prompts. Your Apps Script application won't
automatically ask you to re-authenticate after the time period you've specified
(for example, 12 hours).
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-19 UTC."],[[["\u003cp\u003eApps Script requires user authorization to access private data from Google services, and requests are based on code analysis.\u003c/p\u003e\n"],["\u003cp\u003eUsers can revoke a script's access to their data through their Google Account permissions settings.\u003c/p\u003e\n"],["\u003cp\u003eA script's access level and the user it runs as depends on the type of script and how it's executed, like standalone, add-on, or web app.\u003c/p\u003e\n"],["\u003cp\u003eFor scripts interacting with Google Workspace files, specific annotations can limit authorization requests to the current file only.\u003c/p\u003e\n"],["\u003cp\u003eAdd-ons generally adhere to the authorization model of bound scripts, with exceptions for certain functions and circumstances.\u003c/p\u003e\n"]]],[],null,["Apps Script requires user authorization to access private data from\n[built-in Google services](/apps-script/guides/services) or\n[advanced Google services](/apps-script/guides/services/advanced).\n\nGranting access rights \n\nApps Script determines the authorization scopes (like access your Google Sheets\nfiles or Gmail) automatically, based on a scan of the code. Code that is\ncommented out can still generate an authorization request. If a script needs\nauthorization, you'll see one of the authorization dialogs shown here when it is\nrun.\n\nScripts that you have previously authorized also ask for additional\nauthorization if a code change adds new services. Scripts may not request\nauthorization if you access the script as a web app that runs under\n[the script owner's user identity](/apps-script/execution_web_apps#permissions).\n| **Warning:** Web apps and other scripts that use sensitive scopes are subject to review by Google. Users attempting to authorize such apps may see a warning screen saying the app is *unverified* by Google. See [OAuth client verification](/apps-script/guides/client-verification) for details.\n\nRevoking access rights\n\nTo revoke a script's access to your data, follow these steps:\n\n1. Visit the [permissions](https://security.google.com/settings/security/permissions) page for your Google account. (To navigate to this page in the future, visit [Google.com](https://www.google.com), then click your account picture in the top-right corner of the screen. Next, click **My Account** , then **Connected apps \\& sites** under the \"Sign-in \\& security\" section, and then **Manage Apps**.)\n2. Click the name of the script whose authorization you want to revoke, then click **Remove** on the right, then **OK** in the resulting dialog.\n\nPermissions and types of scripts\n\nThe user identity that a script runs with --- and thus the data it can access ---\nvaries based on the scenario in which the script is run, as shown in the table\nbelow.\n\n| Type of script | Script runs as... |\n|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| [Standalone](/apps-script/execution_script_editor), [add-on](/workspace/add-ons/overview), or [bound to Docs, Sheets, Slides, or Forms](/apps-script/guides/bound) | User at the keyboard |\n| [Custom function in a spreadsheet](/apps-script/execution_custom_functions) | [Anonymous user](/apps-script/execution_custom_functions#permissions); however, [quota limits](/apps-script/guides/services/quotas) count against user at the keyboard |\n| [Web app](/apps-script/execution_web_apps) or [Google Sites gadget](/apps-script/execution_gadgets) | User at the keyboard or script owner, dependent on [options selected](/apps-script/execution_web_apps#permissions) when deploying the app |\n| [Installable trigger](/apps-script/understanding_triggers#Installable) | User who created the trigger |\n\nManual authorization scopes for Sheets, Docs, Slides, and Forms\n\nIf you're building an [add-on](/workspace/add-ons/overview) or other script that\nuses the [Spreadsheet service](/apps-script/reference/spreadsheet),\n[Document service](/apps-script/reference/document),\n[Slides service](/apps-script/reference/slides), or\n[Forms service](/apps-script/reference/forms), you can force the authorization\ndialog to ask only for access to files in which the add-on or script is used,\nrather than all of a user's spreadsheets, documents, or forms. To do so, include\nthe following [JsDoc](https://jsdoc.app/) annotation in a file-level comment: \n\n /**\n * @OnlyCurrentDoc\n */\n\nAn opposing annotation, `@NotOnlyCurrentDoc`, is available if your script\nincludes a [library](/apps-script/guides/libraries) that declares\n`@OnlyCurrentDoc`, but the master script actually requires access to more than\nthe current file.\n\nAuthorization lifecycle for add-ons\n\n[Add-ons](/workspace/add-ons/overview) for Google Sheets, Docs, Slides, and Forms\ngenerally follow the same authorization model as scripts that are\n[bound](/apps-script/guides/bound) to a document. In certain\ncircumstances, however, their `onOpen(e)` and `onEdit(e)` functions run in a\nno-authorization mode that presents some additional complications. For more\ninformation, see the\n[guide to the add-ons authorization lifecycle](/workspace/add-ons/concepts/addon-authorization#editor_add-on_authorization).\n\nOAuth application user limits\n\nApplications that use OAuth to access Google user data, including Apps\nScript projects, are subject to authorization limits. See\n[OAuth application user limits](https://support.google.com/cloud/answer/9028764)\nfor details."]]
