Ensuring security and privacy in apps and for data is as important as building app features. App Maker security is a continuous team effort by many people in your organization. Consider app security as soon as your administrator turns on App Maker. Manage security as you create and deploy apps. Work with your app users to protect user and organization data.
App Maker developers and security
As you create and manage apps, you can do the following:
- Control who can read or edit the app project file in Drive. Learn more
Set up permissions roles that you use to control who can:
Hide and write access control into server scripts. Learn more
Export and import apps and modules. Learn more
When you deploy an app, you can do the following:
- Set an app to run under your account or the app user's account. Learn more
- Control who can run the app. Learn more
- Add groups and users to app roles. Learn more
- Export and import app data in an app package (app owners and users with edit or view permissions for the app project file). Learn more
Developer best practices
- Keep the app project file in your Drive private. Give edit access to the project only to other people in your organization who need to work on the app.
- To share the scripts, pages, and model setup without sharing app data, export the app to an app package and share that. Only import apps, scripts, pages, and models from trusted sources and review their security settings before you deploy them. Be aware of what you share with others; your app might reveal sensitive information about your models and pages through scripts and bindings.
- Create at least two roles besides the built-in Admin role, such as "manager" and "user", that you can use to control permissions to pages and data. Allow the minimum permissions for your app to complete tasks successfully.
- Write access control into server scripts and set model security to better protect data. Don't rely on UI permissions or client scripts, which are inherently insecure.
- Unless required by the app workflow, don't run the app as the developer.
- Review your deployment permissions roles periodically and update them for people who change positions or leave your organization.
App users and security
To help app users make good decisions about data security, use these best practices when you share an app:
- Tell users the purpose of the app and how the app uses their information.
- Ask users to protect their account to prevent unauthorized access to the app.
Learn more about app user security.