Manage App Maker in your domain

As a G Suite administrator, you have a number of tools at your disposal for governing App Maker. These include restrictions, reports and audit logs.

Manage app permissions 

Control who can use App Maker

You can turn App Maker on for your entire domain or restrict it to specific organizational units. From the Admin console, go to Appsand thenAdditional Google Servicesand thenApp Maker

Control Drive sharing settings

App Maker project files are stored in the app owner's Drive. You can control how users share files in your organization. From the Admin console, go to Appsand thenDrive & Docs

Learn more about setting file-sharing permissions

Manage OAuth permissions

You can control the permissions that App Maker apps can request from users in your organization. From the Admin console, go to Securityand thenSettingsand thenAPI Permissions. We recommend you review the following settings: 

  • Apps Script runtime–Disables App Maker apps, add-ons, and Apps Script projects that request OAuth scopes specific to the Apps Script environment. Apps Script projects that don't request scopes and those that request scopes only in Google products are unaffected. This setting applies to apps and scripts from both inside and outside your domain.
  • Apps Script API–Controls whether OAuth clients can use the Apps Script API to manage projects. 
  • Whether whitelisted apps should be able to skip authentication requests–uncheck Trust domain owned apps to allow this. 

Learn more about whitelisting connected apps.

Skip user OAuth prompts

You can whitelist App Maker apps that will be granted access to user data without requesting user permission. From the Admin console, go to Securityand thenAdvanced Settingsand thenAuthentication.

Learn more about managing API client access.

View App Maker reports and related audit logs

View App Maker projects report

You can view a list of all App Maker projects in your organization and get details for each app:

  1. From the Admin console, go to Appsand thenAdditional Google Servicesand thenApp Maker.
  2. Click Additional resources.
  3. Click View list of all App Maker projects
  4. (Optional) Click Add Add a Filter  to narrow the list to a specific set of apps:
    • Click Title and enter one or more words to find apps with matching titles.
    • Click OAuth Scopes and enter a scope. Learn more about the scopes used by App Maker.
  5. Click an app to open it. The report displays:
    • Project information–this section lists:
      • the app's creator and owner
      • date created
      • deployment status: previewed or deployed
      • description as entered by the app's author
      • last deployed date
      • last modified date
      • Project ID
    • Deployments–for each of the app's deployments, this section lists:
      • Deployment ID
      • Last deployment date
      • Google Cloud Project ID
      • OAuth client ID
      • Version–the app revision of the deployment.
      • OAuth scopes used
      • URL–click to open the app.
      • Execute as–indicates whether the app runs as the developer or end user. Learn more about an app's execution identity.
    • Project metrics
      • 7-day error rate
      • 7-day users
      • 7-day executions

Note: to report a bug or request a feature related to the project report, you can create an issue

View OAuth audit events

You can view OAuth token authorizations for specific OAuth client IDs, users, and scopes. From the Admin console, go to Reportsand thenAuditand thenToken.

Learn more about the OAuth token audit log.

View Drive audit logs

You can view activity by developers and other users who have permission to view or modify App Maker project files. From the Admin console, go to Reportsand thenAuditand thenDrive.

Learn more about the Drive audit log

Delete App Maker apps and databases

If an app is no longer needed, the owner can delete it. A GCP administrator or the owner of an external database can delete the database that is used to store data created by an app's users.

Important: Remind app owners they must record an app's database key before deleting apps. The GCP administrator needs this information to delete the correct Cloud SQL database.

Delete apps

As a G Suite administrator, you can't delete App Maker apps owned by others. However, app developers can delete and export apps they own.

Delete databases

Data created by an app's users is not deleted when a developer deletes the app. If that data is no longer needed, a GCP administrator or the owner of an external database must delete the app's database.

Note: Use caution when deleting databases or Cloud SQL instances used by App Maker. Deleting the wrong database may cause a deployed app to stop functioning.

Apps that use a Cloud SQL database

A GCP administrator must delete the database key used by the app. Learn more about deleting a Cloud SQL database.

Apps that use an external MySQL database

The owner of the database should refer to MySQL documentation for information about how to delete an app's database.

Was this article helpful?
How can we improve it?