Google is changing how Apps Script manages Google Cloud Platform (GCP) projects. This will help IT Admins govern these projects and simplify how developers manage projects as well. New Apps Script GCP projects will now live in a new folder (“apps-script”) in the GCP resource hierarchy. This means that new Apps Script projects will be governed by organisation policies defined for GCP projects by IT admins.
Admins, Apps Script developers, and end-users of Apps Script projects
Why you’d use it
- Gives IT admins additional controls: This feature helps make Apps Script projects more secure by providing additional control and visibility over these projects to IT administrators. Admins who have not yet defined organisation policies can now do so to control Apps Script projects. Admins who have already defined organisation policies are now assured that those policies will also be applied to Apps Script projects.
- Simplifies developer project management: Developers no longer need to visit the Cloud Console to enable Google APIs – simply enabling it in the Apps Script editor is now all that’s needed.
- Removes ‘risky’ label for end users: End users of internally-created Apps Script projects will no longer see those projects labeled “risky” when they visit the Google Security Checkup tool at myaccount.google.com.
How to get started
- Admins: Check your organisation policies which will apply to new Apps Script projects.
- Developers: No action needed.
- End users: No action needed.
When an Apps Script project is created, a GCP project is also created and associated with it. This GCP project controls a range of configurations and settings, including API access, G Suite Marketplace API configuration for publishing add-ons, access to Stackdriver logs, and more.
Previously, these GCP Apps Script projects existed outside of the resource hierarchy. Now, new Apps Script projects will be parented by a new “apps-script” folder in the resource hierarchy, specifically at organization root > system-gsuite (new) > apps-script (new).
This means they will be governed by organization policies, which give you centralized and programmatic control over your organization’s cloud resources. Policies that can be managed here include the ability to restrict domains that are allowed to be on the ACL for Cloud projects, specify restricted APIs that Cloud projects can access, and block GCP projects from creating new GCE instances.