Define governance policies

When you start creating multiple apps, either as an individual app creator or as a member of a team, there are typically constraints and guidelines that should be applied to every app created. App governance policies are the means by which to express these constraints and guidelines.

The typical reasons to set up app policies are:

  • Design consistency
  • Corporate compliance

Manage policies as described in the following sections:

What is a policy?

A policy is a rule that limits how AppSheet apps are created, managed, and distributed. In plain English, policies look like this:

  • Every app must require users to sign in.
  • Data cannot be deleted though an AppSheet app.
  • Only certain people can mark apps as deployed.
  • Apps can only be shared to a specific email domain.

Each policy has three important components:

  • Condition: A constraint that is checked on each app.
  • Severity:  Error or warning. This tells the platform how to handle the condition if not satisfied. 
  • Stage: When should the policy be checked? 

There are also some other options, including descriptive messages.

Add a predefined policy or a custom policy. See also Predefined policy templates.

Who can add policies?

  • Any individual AppSheet user account has permission to add individual policies.
  • Team Root and Admin accounts can create and manage team policies.

Suggestions:

  • When you add a policy, start by defining a lower severity level (such as Warning), so you don't immediately block users that may already be out of compliance. This is important if you want to preserve the availability of the apps they created.
  • Experiment with the predefined policies. If you want to define a policy that is not predefined, try using the custom policies. Contact AppSheet Support if you need assistance. 
Note: Existing apps will continue to function for users until they attempt an activity that is in violation of the policy.

When are policies auto applied?

Policies are auto applied if the Condition setting is defined using the following format: [field] = constant This includes policies whose Condition setting contains multiple [field] = constant statements that are combined together in an AND function.

For example, the Require sign-in policy has the following condition:

[AuthRequired] = true

This condition will be auto applied in your app and turn on (and prevent you from changing) the Require user signin? setting in the app editor. 

Similarly, the Enforce FedRAMP compliance policy has the following condition:

AND(
   [EnableFirebase]=false,
   [EnableMapsAndGeocoding]=false,
   [ScanningServiceName]="System Default: Google MLKit"
)

The condition will be auto applied and configure (and prevent you from changing) the following External service settings:

Which functions are not supported for use in policies?

The following AppSheet functions are not supported for use in the policy Condition setting: 

EXTRACT(), EXTRACTCHOICE()EXTRACTDATES(), EXTRACTDATETIMES(), EXTRACTDOMAINS(), EXTRACTDURATIONS(), EXTRACTEMAILS(), EXTRACTHASHTAGS(), EXTRACTMENTIONS(), EXTRACTNUMBERS(), EXTRACTPHONENUMBERS(), EXTRACTPRICES(), EXTRACTTIMES(), HERE(), HYPERLINK(), INPUT(), LAT(), LATLONG()LATLONGDISTANCE(), LINKTEXT(), LINKTOAPP(), LINKTOFILTEREDVIEW(), LINKTOFORM(), LINKTOPARENTVIEW(), LINKTOROW(), LINKTOVIEW(), LINKURL(), LONG(), NOW(), OCRTEXT(), RANDBETWEEN(), SNAPSHOT(), TEXTICON(), TIMENOW(), TODAY(), UNIQUEID(), UTCNOW(), and XY()

Also, the CONTEXT() function is only supported using the following keywords: AppName or OwnerEmail

The following AppSheet functions are not supported for use in the policy Condition setting when Stage is set to Enforce Always: 

USEREMAIL(), USERLOCALE(), USERNAME(), USERROLE(), USERSETTINGS(), and USERTIMEZONE()

Access the Policies page

Access the Polices page to view and manage the policies that are in effect for your team or account by selecting one of the following:

  • Admin > Policies in the top navigation 
  • Policies from the account profile drop-down

The Policies page displays.

Policies page showing account policies

As highlighted in the figure, the Policies page enables you to:

  • View the policies that are in effect for your team or account
  • Add a new predefined or custom policy for your account or team
  • Edit or delete a policy
You must have a team root or admin account to be able to add, edit, or delete team policies.

Add a predefined policy

To add a predefined policy:

  1. Access the policies page.
  2. Select the scope, Team or Account.
  3. Click + Account Policy or + Team Policy to add an account-specific or team policy, respectively.
  4. Select a predefined policy template from the Policy Template drop-down.
  5. Click Next.
  6. Configure the policy.
  7. Review policy compliance.
  8. Click Save.

Add a custom policy

The custom policy template lets you create a rule based on a specific component of the AppSheet service. 

To create a custom policy:

  1. Access the policies page.
  2. Select the scope, Team or Account.
  3. Click + Account Policy or + Team Policy to add an account-specific or team policy, respectively.
  4. Select Custom policy from the Policy Template drop-down.
  5. Click Next.
  6. Configure the policy.
  7. Review policy compliance.
  8. Click Save.

Configure the policy

Configure the policy settings described in the following table.

Setting

Description

Name

Name of the policy that will appear on the Policies page.

Component

Custom policies only. Select the AppSheet component impacted by the custom policy. Almost every aspect of the app definition can be governed by policies.

Condition

Constraint that is checked on each app. For the predefined templates, the condition is defined. For example, the Require sign-in policy has the condition: [AuthRequired] = true

Modify the condition expression, if required.

For a list of column names that you can include in the condition expression, see Condition expression reference for governance policies. For the list of functions that are not supported for use in the condition expression, see Which functions are not supported for use in policies?

NoteThe syntax for conditions is identical to the expression syntax used in the rest of AppSheet. 

Severity

Flag that specifies how to handle the condition if not satisfied. Valid values are Error or Warning.

Target

Apps that are targeted by the policy. Valid values include All Apps, Prototype Apps, or Deployed Apps.

Stage

Stage that the policy should be checked. Valid values include:

  • Check on App Edit - Flags non-compliant behavior when the app is edited.
  • Check on Deployment - Flags non-compliant behavior when the app is deployed.
  • Enforce always - Flags non-compliant behavior at runtime as soon as the policy is saved.

Enforce always is the default for most policies. However, for a subset of policies, Check on Deployment may be more appropriate to make sure an activity is completed before the app is deployed (such as, Apps must have documentation).

Note the following: 

  • Do not set this value to Check on Deployment if Target is set to Deployed Apps.
  • If Stage is set to Enforce always:
    • It can take up to 15 minutes before the policy is enforced.
    • At this time, apps that use files or images may not be completely shut down. Contact AppSheet Support if you need assistance.

Description

Description of the policy that will appear on the Policies page.

Success Message

Message to be displayed if policy is successfully adhered to.

Failure Message

Message to be displayed if the policy is violated.

Review policy compliance

When you configure the policy, in the right pane of the Define an App Policy dialog, you can review policy compliance to confirm the results are as expected for each version (latest and stable) of your app before you save the policy. 

For example:

Policy check showing compliant and non-compliant apps

As shown, apps are organized into two categories: Non-compliant and Compliant. For non-compliant apps, the impact to the app is dependent on the policy severity and stage settings.

Policy severity Description
Error App is prevented from being deployed or edited. The app may become unavailable to users if Stage is set to Enforce Always.
Warning Warning will be shown when deploying or editing the app.
If an app version is unexpectedly compliant or non-compliant, review the app or policy configuration to ensure that it is operating as originally intended.

Edit a policy

Note: You must have Team Root or Admin privileges in order to edit a team policy.

To edit a policy:

  1. Access the policies page.
  2. Select the scope, Team or Account.
  3. Select More > Edit for the policy you want to edit.
    The Define an App Policy dialog displays.
  4. Edit the policy configuration, as desired.
  5. Review policy compliance.
  6. Click Save.

Delete a policy

Note: You must have Team Root or Admin privileges in order to delete a team policy.

To delete a policy:

  1. Access the policies page.
  2. Select the scope, Team or Account.
  3. Select More > Delete for the policy you want to delete.
    The Define an App Policy dialog displays.
  4. Click Delete Policy to confirm the action.
Was this helpful?
How can we improve it?

Need more help?

Try these next steps:

Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
true
true
false
false