Manage App Maker in your domain
As a G Suite administrator, you have a number of tools at your disposal for governing App Maker. These include restrictions, reports and audit logs.
Control who can use App Maker
You can turn App Maker on for your entire domain or restrict it to specific organizational units. From the Admin console, go to AppsAdditional Google ServicesApp Maker.
Control Drive sharing settings
App Maker project files are stored in the app owner's Drive. You can control how users share files in your organization. From the Admin console, go to AppsDrive & Docs.
Learn more about setting file-sharing permissions.
Manage OAuth permissions
You can control the permissions that App Maker apps can request from users in your organization. From the Admin console, go to SecuritySettingsAPI Permissions. We recommend you review the following settings:
- Apps Script runtime–Disables App Maker apps, add-ons, and Apps Script projects that request OAuth scopes specific to the Apps Script environment. Apps Script projects that don't request scopes and those that request scopes only in Google products are unaffected. This setting applies to apps and scripts from both inside and outside your domain.
- Apps Script API–Controls whether OAuth clients can use the Apps Script API to manage projects.
- Whether whitelisted apps should be able to skip authentication requests–uncheck Trust domain owned apps to allow this.
Learn more about whitelisting connected apps.
Skip user OAuth prompts
You can whitelist App Maker apps that will be granted access to user data without requesting user permission. From the Admin console, go to SecurityAdvanced SettingsAuthentication.
Learn more about managing API client access.
View App Maker projects report
You can view a list of all App Maker projects in your organization and get details for each app:
- From the Admin console, go to AppsAdditional Google ServicesApp Maker.
- Click Additional resources.
- Click View list of all App Maker projects.
- (Optional) Click Add a Filter to narrow the list to a specific set of apps:
- Click Title and enter one or more words to find apps with matching titles.
- Click OAuth Scopes and enter a scope. Learn more about the scopes used by App Maker.
- Click an app to open it. The report displays:
- Project information–this section lists:
- the app's creator and owner
- date created
- deployment status: previewed or deployed
- description as entered by the app's author
- last deployed date
- last modified date
- Project ID
- Deployments–for each of the app's deployments, this section lists:
- Deployment ID
- Last deployment date
- Google Cloud Project ID
- OAuth client ID
- Version–the app revision of the deployment.
- OAuth scopes used
- URL–click to open the app.
- Execute as–indicates whether the app runs as the developer or end user. Learn more about an app's execution identity.
- Project metrics
- 7-day error rate
- 7-day users
- 7-day executions
- Project information–this section lists:
Note: to report a bug or request a feature related to the project report, you can create an issue.
View OAuth audit events
You can view OAuth token authorizations for specific OAuth client IDs, users, and scopes. From the Admin console, go to ReportsAuditToken.
Learn more about the OAuth token audit log.
View Drive audit logs
You can view activity by developers and other users who have permission to view or modify App Maker project files. From the Admin console, go to ReportsAuditDrive.
Learn more about the Drive audit log.
If an app is no longer needed, the owner can delete it. A GCP administrator or the owner of an external database can delete the database that is used to store data created by an app's users.
Important: Remind app owners they must record an app's database key before deleting apps. The GCP administrator needs this information to delete the correct Cloud SQL database.
As a G Suite administrator, you can't delete App Maker apps owned by others. However, app developers can delete and export apps they own.
Data created by an app's users is not deleted when a developer deletes the app. If that data is no longer needed, a GCP administrator or the owner of an external database must delete the app's database.Note: Use caution when deleting databases or Cloud SQL instances used by App Maker. Deleting the wrong database may cause a deployed app to stop functioning.
Apps that use a Cloud SQL database
A GCP administrator must delete the database key used by the app. Learn more about deleting a Cloud SQL database.
Apps that use an external MySQL database
The owner of the database should refer to MySQL documentation for information about how to delete an app's database.