A
A
Aleksandr2020-04-30 18:17:08
JavaScript
Aleksandr, 2020-04-30 18:17:08

A question about access rights, or how are google spreadsheet scripts protected?

As a rule, tables are created to collect and process data. Data, in turn, is information, so it can be available to someone, and not available to someone. Someone for reading, someone for writing. The tables themselves have a built-in mechanism for protecting sheets, protecting ranges. It is even possible to give users the rights to read or write, etc.

It is not clear to me as a beginner why the above protection mechanisms are needed if, with any rights, any user has full access to the table script and, accordingly, can at least delete the script, edit it, add fixes, or just turn off your inhibitions and change closed to available.

What is the logic? Or how do they work with it at a high level, where are complex and multi-level data tables written and how is it organized?

Maybe there is something I don't know or don't understand

Answer the question

In order to leave comments, you need to log in

3 answer(s)
A
Alexander Ivanov, 2020-05-01
@iSeb

Scripts have nothing to do with cell input restrictions, because scripts are REST .

  • If you delete the script, then the protection of the cells will not change in any way.
  • If you try to change the script so that the value of the cells protected (conditionally from you) changes, then the protection will work.
  • If you change the user-defined function script to return a different value, then in a protected cell it will return a different value, but the value of the cell itself will still not change.

In my opinion (and exactly in the opinion of Google) there are no logical contradictions.
There are no scripts in any cells. Google Apps Script is syntactic sugar for the Google REST API.
Unfortunately, the question is posed in such a way that it is impossible to give a good and correct answer here. In short, you need to change your attitude towards this paradigm. It just doesn't work the way you imagine. For the knower, this is normal.
If specifically about code protection, outside the properties of the Tables, then there are mechanisms for hiding and distributing protected code. For example, add-ons allow you to "embed code in the Table", while the user cannot change it, he does not even see this code.
I especially note the pointlessness of comparing VBA and GAS .

K
Karpion, 2020-04-30
@Karpion

It seems I understand your question.
You missed that Google Spreadsheets are processed by scripts both on the client (in the browser) and on the server.
Let's say we have a table with three cells:

  1. fully available to me;
  2. available to me as read-only;
  3. not available to me at all.
And now I'm all of this type of super-duper-mega-hacker - I decided to replace the scripts that Google sent me with my own, which do not forbid me anything, but purely specifically do what I wrote in them.
For starters, I simply won’t get the third cell: they will give me a void there or the message “this flower was not grown for you.”
I will get the second cell and even be able to change it. But when I try to write it to the server, they will simply refuse to fulfill my request, they will return the message "I will not change it." At the same time, on my screen in this cell, m. anything - and everyone else who will use this plate (and will have the right to read the second cell) will see the old value there, and not the one that I tried to enter there.
Perhaps it will be easier for you to understand the situation if you imagine that each cell is in a separate file on the file server. So what's the point that the file editor is running on my computer, and I can modify it?

M
Mirtopir, 2021-05-09
@Mirtopir

Great question, but no definitive answer yet.
The problem is open scripts for people with access to edit at least one cell.
And how to deal with this problem is not clear.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question