Granular OAuth consent in Google Apps Script IDE executions

What’s changing

Google offers a wide variety of APIs that Google Apps Script developers can use to build features for Google users. The data access that these APIs can reference is governed by the OAuth scopes of each Workspace application, which users are required to authorize before a script can run. Historically, the OAuth consent screen has asked the user to authorize all of the necessary OAuth scopes to run a given script. 
This screenshot shows the old OAuth consent screen, which requires the user to authenticate all or none of the requested OAuth scopes.

Starting today, the OAuth consent screen lets users specify which individual OAuth scopes they would like to authorize. For example, if a script requests access to a user’s Sheets and Forms files, and the user only intends to use the script with Sheets files, they can decide to only allow access to their spreadsheets and not their forms. This gives users more granular control over what data their third-party (3P) applications are allowed to access.
This screenshot shows the new OAuth consent screen, which lets the user provide consent for a subset of the requested OAuth scopes.

Additional details

To complement the release of this new consent flow, we’re also adding methods to the ScriptApp and AuthorizationInfo classes that let Apps Script developers programmatically interact with the scopes granted for a script. Refer to the developer documentation for more information.
After a user grants permission to a script, Apps Script might request OAuth consent again in the following cases: 
  • The user, who has granted consent to a subset of the requested OAuth scopes, tries to run a part of the script that was not previously authorized. 
  • The script is updated in such a way that it requires permission for additional scopes. 
  • The user revoked access to the script from their Google Account settings.

All past execution failures will be logged in the execution history. Each OAuth failure will contain a hyperlink that users can use to provide the permissions that were missing. 
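
The Sheets and Forms scenario above (a user grants only the Sheets scope), as an added example that is not code from the original post: it reads the granted scopes through `ScriptApp.getAuthorizationInfo()`, `getAuthorizedScopes()` and `getAuthorizationUrl()` and works out which features can run and which exact scopes are still missing. The feature names, `planFeatures` and the `fakeScriptApp` stand-in are hypothetical.

```javascript
// Added example; FEATURES, planFeatures and fakeScriptApp are hypothetical names.
const SHEETS_SCOPE = 'https://www.googleapis.com/auth/spreadsheets';
const FORMS_SCOPE = 'https://www.googleapis.com/auth/forms';

// Scopes each feature of the script needs (the Sheets/Forms case from the post).
const FEATURES = {
  exportSheet: [SHEETS_SCOPE],
  syncFormResponses: [SHEETS_SCOPE, FORMS_SCOPE],
};

// Compare what the user granted with what each feature needs, so a partial
// grant disables only the affected features instead of failing mid-run.
function planFeatures(scriptApp, features) {
  const info = scriptApp.getAuthorizationInfo(scriptApp.AuthMode.FULL);
  const granted = new Set(info.getAuthorizedScopes() || []);
  const plan = { runnable: [], blocked: {}, consentUrl: null };
  for (const [name, scopes] of Object.entries(features)) {
    const missing = scopes.filter((scope) => !granted.has(scope));
    if (missing.length === 0) {
      plan.runnable.push(name);
    } else {
      plan.blocked[name] = missing; // exact scopes to ask for, nothing broader
    }
  }
  if (Object.keys(plan.blocked).length > 0) {
    plan.consentUrl = info.getAuthorizationUrl(); // link to grant the rest
  }
  return plan;
}

// Constructed stand-in for ScriptApp so the example runs outside Apps Script.
function fakeScriptApp(grantedScopes) {
  return {
    AuthMode: { FULL: 'FULL' },
    getAuthorizationInfo: () => ({
      getAuthorizedScopes: () => grantedScopes,
      getAuthorizationUrl: () => 'https://example.invalid/consent', // constructed
    }),
  };
}

// Inside Apps Script, pass the real service: planFeatures(ScriptApp, FEATURES).
const partialGrantPlan = planFeatures(fakeScriptApp([SHEETS_SCOPE]), FEATURES);
console.log(JSON.stringify(partialGrantPlan, null, 2));
```

An empty grant list models the revoked-access case from the list above: every feature ends up in `blocked` with its full scope list.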

Getting Started 

  • Admins: There is no admin control for this feature. 
  • Developers and end users: 
    • Granular OAuth consent is only available for scripts that have finished migrating to the V8 runtime. If you would like to utilize granular consent on one of the few remaining Rhino scripts, you can manually migrate to V8 by following these instructions.
    • This new consent screen will only be used for new OAuth scope grants. Pre-existing scope grants will not be affected, so no action is required by users on scripts they’ve already authorized. 
    • The new consent screen will be launched first to the Apps Script IDE (i.e. executing a script directly from Apps Script). The consent screen will launch to the remaining surfaces in the future: 
      • Google Ads Script
      • Macro executions 
      • Trigger executions 
      • Web app executions 
      • API Executions 
      • Chat apps
      • Add-ons 

Rollout pace

Availability

  • Available to all Google Workspace customers and Workspace Individual subscribers

Resources

Use Gemini to interact with PDFs in Google Drive’s overlay file previewer

What’s changing

Earlier this year, we introduced the ability to use Gemini in Google Drive to interact with PDFs. To improve your viewing experience when reviewing PDFs from Drive, we’re excited to announce that Gemini in the side panel of Drive is now integrated into Drive’s overlay file previewer. 
As a result, you can seamlessly switch between multiple files while leveraging AI capabilities using Gemini in Drive to do things like:

Getting started

  • Admins: To access Gemini in the side panel of Workspace apps, users need to have smart features and personalization turned on. Admins can turn on default personalization settings for their users in the Admin console.
  • End users:
    • To access this feature, double-click on a PDF from the Google Drive file list and click on “Ask Gemini” (star button) in the top right corner. 
    • Note: When Gemini initially launched in Workspace, PDFs viewed in Drive opened in a new browser tab to allow interaction with the Gemini side panel. With this update, the default behavior will open a file in the overlay file previewer. If you prefer for PDFs to open in a new tab by default, you can update your PDF opening default behavior in your Drive settings. If you previously set a preferred PDF opening default behavior in your Drive setting, your default open behavior will remain the same. 
    • Visit the Help Center to learn more about using Gemini in Drive to work with PDFs.

Rollout pace

Availability

Available for Google Workspace customers with these add-ons:

  • Gemini Business
  • Gemini Enterprise
  • Gemini Education
  • Gemini Education Premium
  • Google One AI Premium

Resources

Google Meet provides additional privacy for livestreaming with new eCDN On-Premises API

What’s changing

Earlier this year, we introduced Enterprise Content Delivery Network (eCDN) to enhance livestreaming in Google Meet. When configured by admins, eCDN has the potential to reduce bandwidth consumption to a fraction of the traffic volume through peer-assisted media delivery.

However, environments that have additional security requirements would not be able to benefit from the network traffic savings enabled by eCDN. That changes today with the introduction of the eCDN On-Premises API for Google Meet, which admins can use to configure their network for eCDN while keeping classified IP addresses and network information private. Specifically, IP addresses will be replaced with self-assigned peering group names and encrypted information for session description protocol (SDP) handshakes. This ensures that no IP information is shared with Google, so customers can take advantage of eCDN while adhering to their own security guidelines.

Admin console > Apps > Google Workspace > Google Meet > Meet video settings > eCDN

Who’s impacted

Admins

Why it’s important

The eCDN On-Premises API can be used to deploy eCDN for Google Meet live streaming in a way that allows the eCDN tracker service to optimize peering topologies without access to internal network information such as IP addresses or subnets. A customer-supplied service uses the API to replace all IP address information with arbitrary text labels. The service also manages encryption of SDP offers/answers using encryption keys that are never made available to Google. Any decryption needed by client peers is performed completely inside the customer’s own network. No network information is sent outside the organization’s network, not even to Google. This ensures that bandwidth-optimized media delivery via eCDN can also be implemented in sensitive environments without compromising organizations’ internal security guidelines.

Getting started

Rollout pace

Availability

  • Available to all Google Workspace customers

Resources

Prevent the downloading, printing, or copying of files by all users with Enhanced IRM for Google Drive Data-Loss Prevention

What’s changing

Google Drive’s Information Rights Management (IRM) capability protects documents from data exfiltration actions, specifically downloading, printing, and copying. This is useful for making sure that sensitive content is protected from data leakage. 
Historically, this feature has only been applicable to users with either the “viewer” or “commenter” role, which has left administrators unable to apply the setting to users with either “owner” or “editor” roles. To address this, we’re expanding IRM to be applicable to all users, including file editors and owners, when it is applied by a Data Loss Prevention (DLP) rule.
The new Enhanced IRM action, as seen in the DLP Rule creation flow.

Additional details

When an editor or owner is affected by IRM, they will retain the ability to copy and paste document content, but they may only do so within that document. Attempting to paste content outside of the document will not succeed. For more information, please refer to the help center content.

Getting started

  • Admins: DLP rules and CAA levels are applied per-file based on how these rules are configured.
  • End users: Only administrators can set IRM for all user roles on a file. File owners may still only set IRM for viewers and commenters. If a file has both an administrator-applied IRM setting and a file owner setting on it, the administrator setting takes priority. Once this feature is enabled, all entry points for downloading, printing, and copying will be removed from Google Drive, Docs, Sheets, and Slides on all platforms. Visit the Help Center to learn more about stopping, limiting, or changing how your files are shared.
A view of the file owner’s IRM setting when an overriding administrator setting is present.

Rollout pace

Availability

  • IRM controls are available for all Google Workspace customers
  • Data Loss Prevention Rules and Context-Aware Access conditions are available for Google Workspace:
    • Enterprise Standard and Plus
    • Education Fundamentals, Standard, Plus, and the Teaching and Learning add-on
    • Frontline Standard
    • Enterprise Essentials and Enterprise Essentials Plus

Resources