Manage App Maker in your domain
As a G Suite administrator, you have several tools to control and monitor App Maker. These include permissions, reports, and audit logs. You can also delete apps and their associated databases.
Manage app permissions
Control who can use App Maker
You can turn on App Maker for:
- your entire domain
- select organizational units
- select access groups
From the Admin console, go to AppsAdditional Google ServicesApp Maker.
Control Drive sharing settings
App Maker project files are stored in the app owner's Drive. You can control how users share Drive files in your organization. From the Admin console, go to AppsDrive & Docs.
Learn more about how to set file-sharing permissions.
Manage OAuth permissions
You can control the permissions that App Maker apps can request from users in your organization. From the Admin console, go to SecuritySettingsAPI Permissions. We recommend you review the following settings:
- Apps Script runtime–Select Enable to allow App Maker apps, add-ons, and Apps Script projects to request OAuth 2.0 scopes specific to the Apps Script environment. This setting applies to apps and scripts from inside and outside your domain. It doesn't apply to Apps Script projects that don't request scopes. It also doesn't apply to Apps Script projects that request scopes only in Google products.
- Apps Script API–Select Enable to allow OAuth 2.0 clients to use the Apps Script API to manage projects.
- Trust domain owned apps—Uncheck the box to allow whitelisted apps to skip authentication requests.
Learn more about how to whitelist connected apps.
Skip user OAuth prompts
You can whitelist App Maker apps so they don't request user permission to access user data.
View App Maker reports and related audit logs
As an admin with App Maker-App Maker Project Reports privileges, you can view a list of all App Maker projects in your organization and get details for each app:
- From the Admin console, go to AppsAdditional Google ServicesApp Maker.
- Click Additional resources.
- Click View list of all App Maker projects.
- (Optional) Click Add a Filter to narrow the list to a specific set of apps:
- To filter by words in app titles, click Title and enter one or more words.
- To filter by scope, click OAuth Scopes and enter a scope. Learn more about the scopes used by App Maker.
- Click an app to open its report. The report displays:
- Project information–this section lists:
- the app's creator and owner
- date created
- deployment status: previewed or deployed
- description as entered by the app's author
- last deployed date
- last modified date
- Project ID
- Deployments–for each of the app's deployments, this section lists:
- Deployment ID
- Last deployment date
- Google Cloud Project ID
- OAuth client ID
- Version–the app revision of the deployment.
- OAuth scopes used
- URL–click to open the app.
- Execute as–indicates whether the app runs as the developer or end user. Learn more about an app's execution identity.
- Project metrics
- 7-day error rate
- 7-day users
- 7-day executions
- Project information–this section lists:
To report a bug or request a feature related to the project report, you can create an issue.
View OAuth audit events
You can view OAuth token authorizations for specific OAuth client IDs, users, and scopes. From the Admin console, go to ReportsAuditToken.
Learn more about the OAuth token audit log.
View Drive audit logs
You can view activity by developers and other users who have permission to view or modify App Maker project files. From the Admin console, go to ReportsAuditDrive.
Learn more about the Drive audit log.
Delete App Maker apps and databases
If an app is no longer needed, the owner can delete it. A Google Cloud Platform (GCP) administrator or the owner of an external database can delete the app database.
Important: Remind app owners they must record an app's database key before they delete apps. The GCP admin needs this information to delete the correct Cloud SQL database.
Delete App Maker apps
As a G Suite admin, you can't delete App Maker apps owned by others. However, app developers can delete and export apps they own.
Delete App Maker databases
Data created by an app's users isn't deleted when a developer deletes the app. If that data is no longer needed, a GCP admin or the owner of an external database must delete the app's database.
Apps that use a Cloud SQL database
A GCP admin must delete the database key used by the app. Learn more about how to delete a Cloud SQL database.
Apps that use an external MySQL database
The owner of the database should refer to MySQL documentation for information about how to delete an app's database.