Define governance policies

When you start creating multiple apps, either as an individual app creator or as a member of a team, there are typically constraints and guidelines that should be applied to every app created. App governance policies are the means by which to express these constraints and guidelines.

The typical reasons to set up app policies are:

Design consistency
Corporate compliance

Manage policies as described in the following sections:

What is a policy?
Who can add policies?
Predefined policy templates
View policies in effect for your account
Add a predefined policy
Add a custom policy
Edit a policy
Delete a policy

What is a policy?

A policy is a rule that limits how AppSheet apps are created, managed, and distributed. In plain English, policies look like this:

Every app must require users to sign in.
Data cannot be deleted though an AppSheet app.
Only certain people can mark apps as deployed.
Apps can only be shared to a specific email domain.

Each policy has three important components:

Condition: a constraint that is checked on each app.
Severity: Error, warning, or info. This tells the platform how to handle the condition if not satisfied.
Stage: When should the policy be checked? The most common choice is to choose the Deployment Check phase.

There are also some other options, including descriptive messages.

Who can add policies?

Any individual AppSheet user account has permission to add individual policies.
Team Root and Admin accounts can create and manage team policies.

Suggestions:

When you add a policy, start by defining a lower severity level (such as Warning), so you don't immediately block users that may already be out of compliance. This is important if you want to preserve the availability of the apps they created.
Experiment with the predefined policies. If you want to define a policy that is not predefined, try using the custom policies. Contact AppSheet Support if you need assistance.

Note: Existing apps will continue to function for users until they attempt an activity that is in violation of the policy.

Predefined policy templates

You can create policies on almost every aspect of the app creation, management, and distribution of AppSheet apps. The following predefined templates can be used to get started quickly, or you can define more complex policies through custom policies.

Predefined policy template	Description
Require sign-in	Apps must require user sign-in
Run-as app creator	Apps cannot be run by the app user
Prevent row delete	Apps cannot delete data
Restrict data source attachable to apps	Apps can access only specific data sources
Restrict providers attachable to apps	Apps can access only specific providers
Acceptable image resolution	Apps require a minimum resolution for captured images
Must sync-on-start	Apps must refresh their data each time they start
Enable offline use	Apps must be configured to run offline
Restrict Prototype Authentication	Apps must: Require user sign-in Prevent all signed-in users from accessing the app (disable Allow all signed-in users) Disable Require domain authentication By default, this policy applies to prototype apps; you can change the targeted apps to all or deployed apps. Note: It is required that you use this policy with Restrict Prototype Sharing to fully limit prototype access. See Restrict prototype sharing of apps.
Restrict who can deploy apps	Apps can be deployed only by specific app creators
Apps must have documentation	Apps must include documentation; see App documentation on the About page
Only users from specific domain	Only users from a specific domain can access the app
Enforce FedRAMP compliance	Apps are FedRAMP compliant
Restrict Prototype Sharing	Apps must: Prevent the sharing of apps with an entire domain in the Share dialog Limits the number of users that the app can be shared with in the Share dialog (defaults to 5) See also: Share: The Essentials By default, this policy applies to prototype apps; you can change the targeted apps to all or deployed apps. Note: It is required that you use this policy with Restrict Prototype Authentication to fully limit prototype access. See Restrict prototype sharing of apps.
Block External Apps	Block apps that are created externally to your domain and Workspace organization (for Workspace users) to prevent phishing or data leakage. Note for Workspace users: if an app is created in the same Workspace organization OR domain, it is considered to be internal and will not be blocked.

View policies in effect for your account

View all policies in effect, including your account and team policies, select My account > Policies.

Add a predefined policy

To add a predefined policy:

Select My account > Policies.
Click + Account Policy or + Team Policy to add an account-specific or team policy, respectively.
Select a predefined policy template from the Policy Template drop-down.
Click Next.
Configure the policy.

Field	Description
Name	Name of the policy that will appear on the Policies page.
Condition	Constraint that is checked on each app. For the predefined templates, the condition is defined. For example, the Require sign-in policy has the condition: `[AuthRequired] = true` Modify the condition expression, if required. Note: The syntax for conditions is identical to the expression syntax used in the rest of AppSheet.
Severity	Flag that specifies how to handle the condition if not satisfied. Valid values are Error or Warning.
Target	Apps that are targeted by the policy. Valid values include All Apps, Prototype Apps, or Deployed Apps.
Stage	Stage that the policy should be checked. Valid values include Check on App Edit or Check on Deployment (most common). Note: Do not set this value to Check on Deployment if Target is set to Deployed Apps.
Description	Description of the policy that will appear on the Policies page.
Success Message	Message to be displayed if policy is successfully adhered to.
Failure Message	Message to be displayed if the policy is violated.

Click Save.

Add a custom policy

The custom policy template lets you create a rule based on a specific component of the AppSheet service.

To create a custom policy:

Select My account > Policies.
Click + Account Policy or + Team Policy to add an account-specific or team policy, respectively.
Select Custom policy from the Policy Template drop-down.
Click Next.
Configure the policy.

Field	Description
Name	Name of the policy that will appear on the Policies page.
Component	Select the AppSheet component impacted by the custom policy. Almost every aspect of the app definition can be governed by policies.
Condition	Define the condition expression. Note: The syntax for conditions is identical to the expression syntax used in the rest of AppSheet.
Severity	Flag that specifies how to handle the condition if not satisfied. Valid values include: Error - App will fail to open if it's in violation of the policy. Warning - Alert is sent to app creator, but app will continue to work.
Stage	Stage that the policy should be checked. Valid values include App editing or Deployment Check.
Description	Description of the policy that will appear on the Policies page.
Success Message	Message to be displayed if policy is successfully adhered to.
Failure Message	Message to be displayed if the policy is violated.

Click Save.

Edit a policy

Note: You must have Team Root or Admin privileges in order to edit a team policy.

To edit a policy:

Select My account > Policies.
Click the policy that you want to delete.
The Define an App Policy dialog displays.
Edit the policy as desired.
Click Save.

Delete a policy

Note: You must have Team Root or Admin privileges in order to delete a team policy.

To delete a policy:

Select My account > Policies.
Click the policy that you want to delete.
The Define an App Policy dialog displays.
Click Delete.

Was this helpful?

How can we improve it?