Granting access rights
Apps Script determines the authorization scopes (like access your Google Sheets files or Gmail) automatically, based on a scan of the code. Code that is commented out can still generate an authorization request. If a script needs authorization, you'll see one of the authorization dialogs shown here when it is run.
Scripts that you have previously authorized also ask for additional authorization if a code change adds new services. Scripts may not request authorization if you access the script as a web app that runs under the script owner's user identity.
Revoking access rights
To revoke a script's access to your data, follow these steps:
- Visit the permissions page for your Google account. (To navigate to this page in the future, visit Google.com, then click your account picture in the top-right corner of the screen. Next, click My Account, then Connected apps & sites under the "Sign-in & security" section, and then Manage Apps.)
- Click the name of the script whose authorization you want to revoke, then click Remove on the right, then OK in the resulting dialog.
Permissions and types of scripts
The user identity that a script runs with — and thus the data it can access — varies based on the scenario in which the script is run, as shown in the table below.
|Type of script||Script runs as...|
|Standalone, add-on, or bound to Docs, Sheets, or Forms||User at the keyboard|
|Custom function in a spreadsheet||Anonymous user; however, quota limits count against user at the keyboard|
|Web app or Google Sites gadget||User at the keyboard or script owner, dependent on options selected when deploying the app|
|Installable trigger||User who created the trigger|
Manual authorization scopes for Sheets, Docs, and Forms
If you're building an add-on or other script that uses the Spreadsheet service, Document service, or Forms service, you can force the authorization dialog to ask only for access to files in which the add-on or script is used, rather than all of a user's spreadsheets, documents, or forms. To do so, include the following JsDoc annotation in a file-level comment:
/** * @OnlyCurrentDoc */
An opposing annotation,
@NotOnlyCurrentDoc, is available if your script
includes a library that declares
@OnlyCurrentDoc, but the master script actually requires access to more than
the current file.
Authorization lifecycle for add-ons
Add-ons for Google Sheets, Docs, and Forms generally
follow the same authorization model as scripts that are
bound to a document. In certain
circumstances, however, their
onEdit(e) functions run in a
no-authorization mode that presents some additional complications. For more
information, see the
guide to the add-on authorization lifecycle.
OAuth application user limits
Applications that use OAuth to access Google user data, including Apps Script projects, are subject to authorization limits. See OAuth application user limits for details.