I have created a sheets sidebar addon which allows a user to select a group and update members based on a column in a sheet.
When I run it as my admin account, everything works; however, when a normal G Suite user runs the addon, they run into issues as the api I'm using to add users to the group is the Admin SDK Directory.
This is the error when I try to run as a normal G Suite user - "GoogleJsonResponseException: API call to directory.members.delete failed with error: Not Authorized to access this resource/api"
member = AdminDirectory.Members.remove(str, userEmail); or member = AdminDirectory.Members.insert(member, str);
This works fine in a web app if I deploy to run as an admin.
Any guidance or tip would be greatly appreciated.
If you want the user to run the script, you need to assign him / his organization unit respective roles or privileges from the User Admin Console.
I suggest that you create a custom administrator role to give the user only the permissions they need to run the Addon.
If you are looking into running Apps Script with a service account, you'll need to install the OAuth2 library and perform UrlFetchApp.fetch() calls with JSON requests.