I’m getting really confused about setting up the right permissions for my Google Apps Script that’s connected to one specific spreadsheet.
My script has some onEdit triggers that check and modify cells within the same spreadsheet file. The functions only need to work with this one file and nothing else. Some of the cells they update are in a protected sheet where only the owner and one editor can make changes.
The problem is that when I look at the OAuth permissions, it shows “See, edit, create, and delete all your Google Sheets spreadsheets”. This seems way too broad since my script only needs access to the current spreadsheet.
I’m also worried because other people who can edit the spreadsheet can also see and modify the script code. I don’t know if there’s a way to restrict script editing to just the owner and one specific person.
I want to figure out how to set up the manifest file to limit the scope to just this one spreadsheet. Will this actually work properly with my triggers? And is there a way to go back and change those permission settings after they’ve already been set up?
Those broad permissions are actually Google’s security feature, not something you can bypass. When your script asks for spreadsheet access, Google doesn’t distinguish between individual files at the OAuth level. But your script only touches the specific spreadsheet it’s bound to, so the real risk is much lower than it looks. For the editing problem, try moving your critical logic to a separate standalone Apps Script project that you fully control. Then have your bound script call this external script through URL fetch or similar methods. This way, casual editors can’t accidentally break your main functionality. The permissions dialog will always show that broad scope, but you can tell users your script only affects the current file.
yeah, i get how frustrating that is! unfortunately, you can’t limit the perms to just one sheet. converting to an add-on might restrict some things, but still not perfect. standalone app could help, but it’s a bit more work. hope this helps a bit!
Indeed, it can be frustrating. Unfortunately, Google Apps Script requires broad permissions, and there’s no way to limit access to just one spreadsheet since the API doesn’t support file-specific permissions. Your onEdit triggers will function correctly, but you can’t enforce more restrictive permissions in the manifest. Regarding script access, anyone with edit privileges on the spreadsheet can see and alter the script. To have better control over who can edit the script, consider creating a standalone project and deploy it as a web app or add-on. This method allows interaction with your spreadsheet while bypassing the sharing settings.