I have a Google App Script based WebApp for basic CRUD operations with Google sheet as source of data. This will app be used by multiple users in the team but with restricted access. i.e some users can only Read, some can R & W & others cant have both R/W.
Requirement 1 :To avoid sharing the Google Sheet access to all users, the GAS App is deployed as "Execute as Me" and "Anyone with Google Account" option by the admin user. This works fine.
Requirement 2 : To achieve the user email id based page access control, I am trying to read App User (with google account) email id via Session.getActiveUser().email to get the email id of the app user , but seems it will be blank as per docs for this method if "Execute as me" option is used.
So is there a way to get the email id of app user (with google account) ? to perform further validation if he has access to the page in the app. For Requirement 2.
Note : Requirement 2 could be achieved if "Execute as user accessing the app" option is used. But it forces to share the Google Sheet with all the users in order to be able to view the data in the app. Do not want to share the Google Sheet to all users.
I checked few other suggestions like using Token etc mentioned here. Looking for anyother quick option if possible as it needs another app creation & a bit of refactoring the apis.