1

I am sharing many sheets with many people, giving them both Edit and Share permissions. I want to share it only with people ("Party B") who have Google accounts, in order to assure greater security/accountability. However, it is difficult (impossible?) to verify that Party B has/is a Google account inside Google Apps Script, which is where all this is happening.

Furthermore: Since I'm giving Party B "Share" permissions, there's no way I can keep them from sharing with any number of non-Google accounts, thereby making the file essentially open to all. I can't turn off download/print/copy, and I wouldn't even care if Party B shared "view only" with non-Google accounts. But if the document itself is a "hot" coordination/collaboration document, and I want to be sure I understand who is making edits, I have to assure that everyone it is shared with has a Google account. Yet there's no way to even check that (with GAS), and no way to control it either.

So unless I'm missing something (which is why I'm asking here), this is a feature request. Google should (imo) create ways to check for, and limit sharing of a particular document, to accounts that are Google accounts. It seems like, at a minimum, that would entail adding another switch in the Advanced Sharing dialogue that says "never ever share this with anyone who doesn't have a Google account".

I was directed to ask this here from the Google help forums. I've tried very hard to formulate a clear question, and I've spent dozens of hours trying to figure out if there's a way around this problem -- hopefully the question illustrates that. Furthermore, I think this could be helpful to clarify for other people (especially if anyone has good ideas/information). I am using Google Apps for Work.

Mogsdad
  • 44,709
  • 21
  • 151
  • 275
KeithKeithBoBeith
  • 41
  • 8

1 Answers1

1

...it is difficult (impossible?) to verify that Party B has/is a Google account inside Google Apps Script, which is where all this is happening.

You can get information about members of your Google Apps for Work domain by using Session.getActiveUser(). If you're sharing the document outside of the domain, scripts that are bound to the document and run in a way that require the user's authorization can also use this method. However, if the script is run in any way that doesn't need that specific authorization, privacy wins out, and your script sees the user as anonymous.

Google should (imo) create ways to check for, and limit sharing of a particular document, to accounts that are Google accounts.

This capability exists for Google Apps for Work, but it is a domain-wide setting, not a user choice. (Talk to your domain administrator about it.)

See Set file sharing permissions for instructions for administrators, where it says:

Require Google sign-in for external users to view file
When a sharing invitation is sent to a non-Google email account or non-Google Groups mailing list, people with the sharing invitation will still need to sign in to a Google account to view the file (unless it's also shared publicly on the web or to anyone with the link, if you allow that).

Mogsdad
  • 44,709
  • 21
  • 151
  • 275
  • Thanks Mogsdad, All sharing is outside the Google Apps for Work domain, basically. Should have mentioned that. I assume getActiveUser isn' – KeithKeithBoBeith May 29 '16 at 20:52
  • Thanks Mogsdad, Last time I looked at that setting, I was thinking about the fact that we have to share files with non-Google users sometimes... but now that I think about it more carefully, that might do the trick -- we can just publish other files perhaps. Thanks for drawing my attention back to it, I'll experiment! – KeithKeithBoBeith May 29 '16 at 21:10