Is there a way to let a user edit another spreadsheet with a script and hide it from him at the same time?

Question

I have two main spreadsheets. The first is like a database, let\'s call it "A". The second ("B") will be used by the user to view some records from the &

Answer 1

Publish a webapp bound from Spreadsheet A:

• Access: Anyone, even anonymous or Anyone

• Execute as: Me

• WebApp scopes: Current spreadsheet only(Add //@OnlyCurrentDoc jsdoc)

• Functions in script(script1): doPost()

• POST request from script(say, script2) in SpreadsheetB on behalf of user.

• If access:Anyone is used, then the script1 needs to be shared with user(view access) and user's drive scope needs to be included in the post request.

• The above conditions don't apply to Anyone, even anonymous. However at this point, Anyone in the world including bots maybe able to access your spreadsheet. It's upto you to enforce any kind of authorization/security to stop such attacks inside doPost.

• Another way is just to publish another webapp(script3) with access: anyone and execute as: "User accessing the webapp" => get their email server side => post to script1 webapp. In this case again, if script1 is published with Access:Anyone, even anonymous, You need to take care of authorization between the two webapps.

• Also note that service accounts can be used. Some service account can be used to just access a Webapp script with Access:Anyone in order to avoid drive scope. Some can be used to access userdata via domain wide delegation.