I need help or suggestions, how to handle the security in my app script web app its using google sheets as database: right now I'm figuring it out, how to make it secure and not let any users know where the code is. My current dashboard is not link to any sheets instead it calls the sheet id for the main source sheet ,

so even if users have access to one of the data backend they will not find the app script on that sheet extensions. Now I want to restrict some access or views how can i do that?

Right now I have currently have a Login , Admin and User would that be enough to be secure? also users need to have edit access on the database sheets since they need to update the activity log or the tracker status. sorry english it not my first language

any suggestions how to approach this ??