The values returned by getActiveUser() and getEffectiveUser() depend on several factors:
The type of account that owns the script
Who is accessing the web app
The "Execute as" and "Who has access" settings in the deployment configuration
Execute as: "Me (your_email_address@gmail.com)"
Who has access: "Anyone"
getActiveUser()
Returns your_email_address@gmail.com when the web app is visited by you (the script owner)
Returns Unavailable when the web app is visited by anyone else
getEffectiveUser()
Always returns your_email_address@gmail.com (the script owner)
Benefits:
Visitors don't need to grant authorization—the script runs using the owner's authorization.
The script can securely access other resources (e.g., Google Sheets) that belong to the owner.
Limitations:
The script can't verify who the visitor is unless it's the owner of the script.
getActiveUser() can't be used to restrict access based on specific users—only the script owner can be reliably detected.
Execute as: "User accessing the web app"
Who has access: "Anyone with a Google Account"
getActiveUser()
Always returns the email address of the visitor
getEffectiveUser()
Always returns the email address of the visitor
Benefits:
Visitors can be authenticated and authorized, allowing access control based on individual users.
Suitable when access should depend on the identity of the visitor.
Limitations:
Visitors must grant permission to run the script.
If the script needs access to external resources (e.g., Google Sheets), those resources must be shared with the visitor, or access will fail.
Execute as: "Me (your_email_address@gmail.com)"
Who has access: "Anyone"
getActiveUser()
Returns visitor_email_address@domain.com if the visitor is part of the Workspace
Returns Unavailable if the visitor is not part of the Workspace
getEffectiveUser()
Always returns your_email_address@domain.com (the script owner)
Benefits:
Visitors don't need to grant authorization—the script runs using the owner's authorization.
The script can securely access other resources (e.g., Google Sheets) that belong to the owner.
Depending if the visitor is part of the Workspace or not, the script can verify if the visitor has access.
getActiveUser() can be used to restrict access based on specific users.
In Google Drive, navigate to New > More > Google Apps Script
An alert popup will appear saying: "All Drive folder collaborators will have access to this file"
Click 'Create script'
A new apps script file will be generated with a basic myFunction placeholder function inside the Code.gs file
Select everything in the Code.gs file of your apps script, and delete it
Select everything in the sample Code.gs code block below, and copy it
Paste the new code into your Code.gs file
On the left hand side, click the ➕ icon next to Files.
Choose HTML
Give it the name Index
The new Index.html file will be generated with some basic html code.
The new Index.html file will be listed on the left hand side under the Code.gs file.
Select everything in the Index.html file of your apps script, and delete it
Select everything in the sample Index.html code block below, and copy it
Paste the new code into your Index.html file
Click the 💾 Save icon, it's next to the ▶ Run button.
Click the Deploy button in the top right corner.
Click 'New deployment'.
A new window will open.
Click the ⚙️ gear icon next to Select type
Choose 'Web app'.
Set the Web app options on the right hand side, as follows:
Execute as: "Me (your_email_address@domain.com)"
Who has access: "Anyone"
Click the Deploy button in the bottom right corner of the window.
Click the Authorise access button in the top left of the window.
A new window will open.
Click your email address.
Click 'Continue'.
The window will close and return to the previous window.
Click the 🗗 Copy icon to copy the URL of your deployed web app.
Click the Done button in the bottom right corner of the window.
Test the deployment.
Paste the link into an email and send it to someone on your team, and ask them to click the link in a desktop browser on computer.
Ask them to report back what is shown on screen for the "Active User Email" and the "Effective User Email".
Repeat steps 13 - 14.
Repeat step 17, but this time use the following deployment settings:
Execute as: "User accessing the web app"
Who can access: "Anyone with a Google Account"
Repeat step 18.
Repeat steps 22 - 24.
Compare the results.
function doGet() {
const template = HtmlService.createTemplateFromFile('Index');
template.activeUser = Session.getActiveUser().getEmail();
template.effectiveUser = Session.getEffectiveUser().getEmail();
const output = template.evaluate()
.setTitle("User Email Info")
.setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL)
.addMetaTag('viewport', 'width=device-width, initial-scale=1');
return output;
}
<!DOCTYPE html>
<html>
<head>
<base target="_top">
<style>
body {
font-family: Arial, sans-serif;
margin: 2em;
}
.email-box {
margin: 1em 0;
padding: 1em;
background: #f0f0f0;
border-radius: 8px;
}
</style>
</head>
<body>
<h2>User Email Information</h2>
<div class="email-box">
<strong>Active User Email:</strong>
<div><?= activeUser || 'Unavailable' ?></div>
</div>
<div class="email-box">
<strong>Effective User Email:</strong>
<div><?= effectiveUser || 'Unavailable' ?></div>
</div>
</body>
</html>