Publish add-on as a user inside of the GSuite account

[Alan Wells]

A developer could ask the organization to give them a user account inside of the GSuite account, and then publish the add-on from the user account.  Would that protect the developers code?  Or does the admin have a way to get files from the user's account?  That would both protect the developers code, and move the responsibility for restricted scopes to the GSuite account.  The organization would need to pay for the user account, so that would be a cost to them.

[Steve Webster]

I like where you are going. We could treat this like I do with bad actors. In this case, create a bunch of stuff to reduce the chance of code to be shared. 

1. some legal agreement,

2. your user account idea.

3. within the code it does a urlFetch to verify the user (or google group of user accounts) are allowed to run the add-on (web app).

4. -- any other ideas to reduce the chance of source code being shared?

Another thought is the source code has "/edit" URL suffix. To run the add-on (web app), the "/exe" suffix is used. Is it possible to just share the "exe" portion? I'm not aware of any, but thought I would ask :)

Kind Regards,

Steve Webster

SW gApps LLC, President 

Google Product Expert in: Google Apps Script, Drive, and Docs 

Google Vendor (2012-2013) || Google Apps Developer Blog Guest Blogger 

Add-ons: Text gBlaster and Remove Blank Rows

On Fri, Jun 14, 2019 at 10:36 AM Alan Wells <aj.a...@gmail.com> wrote:

A developer could ask the organization to give them a user account inside of the GSuite account, and then publish the add-on from the user account.  Would that protect the developers code?  Or does the admin have a way to get files from the user's account?  That would both protect the developers code, and move the responsibility for restricted scopes to the GSuite account.  The organization would need to pay for the user account, so that would be a cost to them.

--
You received this message because you are subscribed to the Google Groups "Google Apps Script Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-script-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/google-apps-script-community.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/bdce6653-0158-4a7b-8dce-a388350bc266%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Dimu Designs]

Unfortunately, for accounts that have domain-wide delegation of authority enabled, an admin will be able to access user content. If they are savvy enough, they can use a service account with Domain-wide authority to access all the files (including scripts) in a user account via the Drive API.