We have a membership spreadsheet that contains a Google Apps Script triggered hourly that manages our organization since 2016. It runs under its own account, reads a calendar, generates reservation forms and response spreadsheets, reads and writes emails, and response spreadsheets, all owned by its account. Users under their own google account execute menu commands to sort, change view, send email, and change cells in the spreadsheet. The triggered function requires 11 OAuth scopes, but the users do very little, so they balk at allowing 11 Oauth scopes.
Is it possible for users to only allow the rights they need while the triggered function account allows all 11 rights?
I don't know how to allow users to allow just the rights they need, because this is a default Cloud Project and the automatic scopes are based on the whole code of the project.
I suppose the triggered function could write a copy of the spreadsheet that only contains the code to alter the view. The copy could also have a list of Forms urls so the user could provide data and requests, then the triggered function hourly monitors the requests and it changes the spreadsheet. Unfortunately that requires redesigning the whole user interaction with data scheme, and inserts a half hour on average between request and response. Thanks for your help.
One way to do that would be to create a standalone script project for the time-driven actions. The script can use SpreadsheetApp.openById() to access the spreadsheet.
The container-bound script project in the spreadsheet can then only contain the functions that run through menu commands under the account of the user at the keyboard.