--
You received this message because you are subscribed to the Google Groups "Google Apps Script Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-script-c...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/6fbd0d78-f9b5-4c70-8013-3e412a6707ca%40googlegroups.com.
--
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/CABEd-bzez-98TVVgotuaNev%3DWh9NsQGEkMdnJu7vNXZsWkHz_A%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/CAN1QPJQLVPo3-vBa2rjQF4XEhF5kP-bcFGcS7cuo9-hQKCjrBw%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/CAHeo4XiXhEepKOSCEBMOmOVxbYWY_xH7CrX3BK9Ymh6tHxpV%3DQ%40mail.gmail.com.
"If you submitted an app that requests restricted scopes, and the app accesses Google user data from or through a server, one of the follow-up verification steps will be to get your app reviewed by an independent security assessor. This assessment helps keep Google users’ data safe by verifying that all apps that access Google user data demonstrate a minimum level of capability in handling data securely and deleting user data upon user request.
Assessments will be conducted by a Google-designated third-party assessor, may cost between $15,000 and $75,000 (or more) depending on the complexity of the application, and will be payable by the developer. This fee may be required whether or not your app passes the assessment. We expect that fees will include a remediation assessment if needed. If your app has previously completed an adequate security assessment as determined by the assessor, you will be able to provide a letter of assessment that may reduce the scope of the review."
Why is the security assessment needed?
To help keep user data safe, we are requiring apps that are requesting restricted scopes and store data or have the ability to store data on (or transmit data through) servers that are not fully managed Google services to demonstrate a minimum level of capability in handling data securely and deleting user data upon user request. Customers manage Google Cloud and FirebaseCP services, so they would still require a security assessment. Google fully manages storing user data in Google Drive via drive.appdata, so this type of data storage does not require a security assessment.
How will the security assessment work?
First, your application will be reviewed for compliance with the Google API Services: User Data Policy via the restricted scope verification you submit through the Cloud Console. Upon completing most of the checks in the restricted scope verification, you will receive an email with third-party security assessors who you can contact and use to perform your security assessment.
Assessments will be conducted by a Google-designated third-party assessor, may cost between $15,000 and $75,000 (or more) depending on the complexity of the application, and will be payable by the developer. This fee may be required whether or not your app passes the assessment. We expect that fees will include a remediation assessment if needed. If your app has previously completed an adequate security assessment as determined by the assessor, you will be able to provide a letter of assessment that may reduce the scope of the review.
Why is Google charging a fee for the security assessment?
The assessment fee is paid directly to the assessor and not to Google. A certified third party will complete the security assessment to ensure the confidentiality of your application. Depending on the scope and complexity of your app, the cost for the third-party assessment may vary from $15,000 to $75,000. Smaller apps will be on the lower end, while more complex apps will require more review and expense.
Existing assessments that meet the security assessment program standards might reduce the scope and cost of your review. The assessors will consider existing assessments in their review.
Because we’ve pre-selected industry-leading assessors, the letter of assessment your app will receive can be used for other certifications or customer engagements where a security assessment is needed.
So there are also some exceptions as up to 100 users or/and AppScript for personal use (my optionS). This exceptions give the option to not submited to review, however I have to do it anyway (I don't know why...)
Now my doubt:
So from this questions and answers I have understood that for google drive in my app script there is not a security assessment...just a verification. What do you think it?
I would be curious to understand how they contact the assessor and how payments works...mmmm....
Now I've unpublished my appscript, add scopes in oAuth 2.0 and republish app.
Suggests? What do you think about all this?
function gestiscidatabase()
{
var fileid = PropertiesService.getScriptProperties().getProperty('FILEID')
Logger.log(fileid)
if(fileid !== null)
{
var htmlOutput = HtmlService.createTemplateFromFile('interfacciaDB')
htmlOutput.avviso = "Database PRESENTE"
htmlOutput.name = SpreadsheetApp.openById(fileid).getName()
SpreadsheetApp.getUi().showSidebar(htmlOutput.evaluate().setTitle("ValueYourTime2020 - Gestione Database"))
}
else
{
var htmlOutput = HtmlService.createTemplateFromFile('interfacciaDB')
htmlOutput.avviso = "Database ASSENTE"
htmlOutput.name = "ATTENZIONE: Database assente"
SpreadsheetApp.getUi().showSidebar(htmlOutput.evaluate().setTitle("ValueYourTime2020 - Gestione Database"))
}
}
function onInstall(e) {
onOpen(e);
}
//
function onOpen(e) {
SpreadsheetApp.getUi().createAddonMenu()
.addItem('Mostra interfaccia', 'avvisodatabase')
.addItem('Gestisci Database', 'gestiscidatabase')
.addToUi();
}
--
You received this message because you are subscribed to the Google Groups "Google Apps Script Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-script-c...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/6146787f-5aba-406f-b8f5-9eea05147b5c%40googlegroups.com.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-script-community+unsub...@googlegroups.com.