Google Play Console Permissions for Service Accounts

Google Play Console manages access through specific permissions.
Start by choosing the access level, then enable only the permissions the service account needs.

100%

Google Play Console app permissions screen

For an ASO.dev service account, start with App permissions for the selected app:

• Keep Admin (all permissions) off.
• Enable View app information (read-only) as the base permission.
• Leave View app quality information (read-only) enabled if Play Console selects it; it is read-only and does not allow edits.
• Add Manage store presence for metadata, screenshots, pricing, in-app products, distribution, and store listing work.
• Add Reply to reviews only if the service account should reply to Google Play reviews.
• Add release, testing, or financial permissions only for those workflows.

Permissions apply only to selected apps. This is the safest default for service accounts because you can grant access to one app or to a specific set of apps.

Permissions apply to all apps in the developer account. Use this level only when the service account truly needs account-wide access or a permission that exists only at the account level.

1. Open Google Play Console → Users & permissions.
2. Click Invite new user.
3. Enter the service account email address.
4. On the App permissions tab, click Add app.
5. Select the required apps and click Apply.
6. Enable only the required permissions.
7. Click Invite user and save changes.

Grants administrative access: invite users, manage other users’ permissions, and remove users.
This permission also grants all other permissions. It is usually not recommended for service accounts.

Grants read-only access to app information, including linked Google Play Games services projects, but excluding financial data.
This is often used as the base permission together with other app permissions.

Grants read-only access to app-level Android vitals, pre-launch reports, and basic information about artifacts, tracks, and releases.
It does not allow edits or changes.

Account-level read-only access to information for all apps in the account and to bulk report downloads.
Users with this permission also get access to new apps added to the account later.

Allows editing and deleting existing draft apps.
It does not allow publishing releases.

Account-level permission for creating new draft apps and editing or deleting existing draft apps.
It does not allow publishing apps on Google Play.

Allows editing and submitting policy declarations, such as Data safety and permissions declarations.
It can be used together with View app information (read-only).

Grants access to financial reports, sales reports, the Purchases API, and revenue information for linked Google Play Games services projects.
It does not allow changing pricing or releases.

Account-level access to financial reports, sales reports, orders, buyer metrics, and cancellation survey responses.
It also grants access to the Purchases API.

Allows viewing orders, refunding orders, and canceling subscriptions.
It does not provide access to aggregated financial reports without a separate financial permission.

Allows creating, editing, and rolling out production releases, unpublishing and republishing apps, excluding devices in the device catalog, and using Play App Signing.
Enable this only if the service account must manage production releases.

Allows uploading draft apps, creating and rolling out releases to testing tracks, unpublishing and republishing apps previously released to testing tracks, uploading and modifying OBB files, editing release notes for apps without active production releases, and uploading APKs for internal sharing.
It does not allow publishing production releases.

Allows changing internal, open, and closed testing settings, and managing tester lists and associated users.
It does not allow publishing production releases.

Allows managing the public store presence: store listing text and images, store listing experiments, pricing, in-app products, pricing templates, distribution information, content rating, promotions, sales, saved device filters, and promotional content.
This is the key permission for ASO, metadata, and pricing work.

Allows replying to Google Play reviews and changing the contact information used in suggested replies.
Without this permission, a user can view ratings and reviews but cannot reply.

Allows creating, editing, and publishing private apps that are available only to users in your organization.
It does not allow managing internal testing tracks or publishing public apps on Google Play.

Account-level permission for editing Google Play Games services projects for all apps.
To create new projects or link apps, the user also needs View app information and download bulk reports (read-only) and access to the relevant project in Google Developers Console.

Account-level permission for publishing new Google Play Games services projects, and unpublishing or republishing existing projects.
The user also needs access to the project in Google Developers Console.

• Start with App permissions, not Account permissions.
• Grant access only to the apps the service account will work with.
• Do not enable Admin (all permissions) for automation unless it is truly required.
• Split service accounts by task: metadata, reviews, releases, and finance.
• Regularly review users and revoke access that is no longer needed.