You can create policies to control the behavior of almost every aspect of the creation, management, and distribution of AppSheet apps.
When defining an app policy, you have two options:
- Use a predefined policy template. See Add a predefined policy.
- Write your own custom policy from scratch. See Add a custom policy.
Using a predefined template can help you to get a configured policy running quickly. You can also use a template as a starting point for writing your own customized version of a policy.
To write your own, more complex policies, you may want to create your own custom policy from scratch.
App policy templates
|
Template name |
Description |
|
Acceptable image resolution |
Requires that images captured in apps meet a minimum specified resolution. See also Control image size. |
|
Apps must have documentation |
Requires that apps include documentation before they can be deployed. See App documentation on the About page. |
| Disable AppSheet databases |
Prevents use of AppSheet databases, as follows:
|
| Disable Chat apps | Prevents app creators from enabling their AppSheet apps to run as Chat apps. See Prevent app creators from enabling Chat apps with AppSheet. |
| Disable external integration through app API |
Prevents app creators from setting up API-based integration with external cloud services that send data to an app. Enabling this policy disables use of the AppSheet API. See Prevent app creators from enabling the API. |
| Disable Google Forms Event |
Prevents app creators from building an automation using Google Forms. |
| Disable Google Forms Table |
Prevents app creators from creating an app using Google Forms or adding a table using a form from Google Forms. |
| Disallow webhook |
Prevents app creators from using webhooks in their apps. See Prevent app creators from using webhooks. |
|
Enable offline use |
Requires that apps are configured to run offline by turning on The app can start when offline when configuring settings for offline use. See Enable app to start when offline. |
|
Enforce FedRAMP compliance |
Requires that all apps only use FedRAMP-compliant services and features. |
|
Must sync-on-start |
Requires that apps refresh their data each time they start. See Sync on start. |
|
Only users from specific domain |
Only allows users from specific domains to access apps. Note: When configuring this policy template, you’ll need to replace |
|
Prevent row delete |
Prevents apps from deleting rows of data in their connected data sources by ensuring the Deletes option is always unchecked in table settings. See Control add, update, and delete operations. |
| Require direct sharing |
Requires that access is only granted to users explicitly shared to an app in the sharing dialog. Only individual users users added directly to an app can access it, ensuring that sign-in is required and all access is explicitly managed through the sharing dialog. Restricts app access as follows:
|
|
Require sign-in |
Restricts public access to apps by requiring users to sign in (authenticate) to access an app. Note: To restrict the authentication provider used during sign-in, use the Restrict authentication provider policy.
The Require sign-in policy applies to the app itself and doesn't necessarily restrict automation events that are triggered by changes made to external sources (e.g., automations triggered by submissions to a Google Form by external users). App creators can configure their apps in ways that prevent AppSheet from identifying who is triggering the automation event. It is always the app creator's responsibility to ensure that external sources comply with their organizational rules and policies as well as AppSheet terms of service. |
| Restrict app sharing |
Restricts app sharing as follows:
See also: Share: The Essentials Note: To restrict sharing of apps with external users, use the Restrict external app sharing policy described below.
The Restrict app sharing policy applies to the app itself and doesn't necessarily restrict automation events that are triggered by changes made to external sources (e.g., automations triggered by submissions to a Google Form by external users). App creators can configure their apps in ways that prevent AppSheet from identifying who is triggering the automation event. It is always the app creator's responsibility to ensure that external sources comply with their organizational rules and policies as well as AppSheet terms of service. |
| Restrict authentication provider |
Restricts user sign-in to one authentication provider. Google is the default. To specify the authentication provider, use one of the following strings:
Note: To fully restrict access by users outside of the owner's domain, use this policy in conjunction with the Require sign-in policy.
|
| Restrict Automation email attachments | Prevents app creators from adding an attachment to emails that are sent from automations. See Prevent app creators from adding email attachments in automations. |
|
Restrict data sources |
Restricts app access to specific data sources by data source name. |
| Restrict external app sharing |
Restricts app sharing to only emails or domains internal to the domain belonging to the app owner's organization. For an AppSheet organization, this includes all secondary domains managed by the parent Google Workspace account, if applicable. Note: To fully restrict access by users outside of the owner's domain, use this policy in conjunction with Restrict authentication provider (described previously).
|
| Restrict external data sources and auth domains |
Prevents app creators from using external data sources and authentication domains in an app. For Workspace users: Only Workspace authentication and data sources are allowed. For non-Workspace users: The app editors are only allowed to attach the data sources to an app or integrate with the auth domains with the apps that are the same as the app owner's email domain. See also: |
| Restrict external database sharing |
Restricts AppSheet database sharing to only emails or domains internal to the domain belonging to the app owner's organization. For an AppSheet organization, this includes all secondary domains managed by the parent Google Workspace account, if applicable. See also Restrict external database sharing. |
|
Restrict providers attachable to apps |
Restricts app access to specific data source types. To specify data source types, use one or more of the following strings:
|
| Restrict use of external apps |
Blocks users from accessing apps created externally to your organization. For Workspace users with an AppSheet organization: Your "organization" is defined as all verified domains associated with your Workspace account. If an app is created in the same Workspace organization or verified domain, it is considered to be internal and will not be blocked. For non-Workspace users or Workspace customers without an AppSheet organization: If an app is created in the app owner's email domain, it is considered to be internal and will not be blocked. |
|
Restrict who can deploy apps |
Restricts app deployment to specific app creators. Note: You will need to specify the IDs of the app creators that are allowed to deploy apps by editing the
LIST(11111, 11122) function in the policy condition expression. To determine the ID of an app creator, go to your team members page and view the ID adjacent to the email address for each app creator on your team. |
|
Run as app creator |
Ensures all apps run using the app creator’s identity to access connected data sources by ensuring that the access mode is set to "as app creator". See Access mode: as app creator or app user. |