Which role is best suited for CI/CD and auto-publishing?

In most cases, the Release Manager role is sufficient. It allows uploading AAB/APK files, managing tracks, and publishing releases via the Android Publisher API.

Can a service account be granted the Administrator role?

Technically yes, but it is not recommended. For service accounts, it is best to grant only the minimum required permissions or use a Custom Role.

Can a service account be restricted to a single app?

Yes. Service account permissions can be limited to specific apps so it does not have access to the entire Google Play Console account.

Google Play Console Roles for Service Accounts - Which One to Choose

Google Play Console provides several predefined roles for managing access to apps and features.
Choosing the correct role for a service account is critical for security and for granting only the permissions that are actually required.
Below are the main roles and their capabilities.

Main Roles

Administrator

Full access to everything.

What it can do:

Manage users and permissions
Access all apps
Publish releases
Change payments, subscriptions, and prices
Access all APIs

When to use:

❌ Not recommended for service accounts
Only for account owners

Release Manager

Release Manager is the optimal role for automation.

What it can do:

Upload builds (AAB/APK)
Manage tracks (Internal / Closed / Open / Production)
Publish releases
Work with staged Rollouts

API:

Android Publisher API (releases, tracks)

Recommended for:

CI/CD
Auto-publishing
ASO.dev / Fastlane / GitHub Actions

Store Listing Manager

Store Listing Manager - metadata management.

What it can do:

Edit store listing
App name, full description, short description
Screenshots, icons, feature graphic
Localizations

API:

Store Listing API
Localizations

Recommended for:

ASO
Bulk metadata editing
Localization

View App Information

View App Information - read-only access.

What it can do:

View app information
Read metadata
View statistics

What it cannot do:

Make changes
Publish releases

Recommended for:

Analytics
Dashboards
Read-only integrations

View Financial Data

View Financial Data - financial analytics.

What it can do:

View revenue
Purchases
Subscriptions
Reports

API:

Financial Reports API

Important:

❌ Does not allow price changes
❌ Does not provide access to releases

Pricing Admin

Pricing Admin (limited) - working with prices and subscriptions.

What it can do:

Change prices
Manage subscriptions and IAPs

Limitations:

Usually not used for service accounts

Custom Roles (Recommended)

Google Play allows you to create Custom Roles and include only the required permissions.

Example roles for ASO / automation:

ASO Automation Role
- Edit store listing
- Manage translations
- Upload screenshots
- View app information
CI/CD Role
- Manage releases
- Upload artifacts
- Manage tracks

This is the best option from a security perspective.

Minimum Permissions for Common Tasks

Task	Minimum Role
Auto-publishing builds	Release Manager
Editing metadata	Store Listing Manager
ASO without releases	Store Listing Manager
Analytics	View App Information
Revenue reports	View Financial Data
Full CI/CD + metadata	Release Manager + Store Listing Manager

Important Service Account Limitations

❌ Cannot accept the Developer Agreement
❌ Cannot manage the payments profile
❌ Cannot own the account
❌ Works only via API
✅ Can be restricted to specific apps

Recommendation

Best practices for service accounts:

Do not use the Administrator role
Use the minimum required role
Create separate service accounts for different tasks:
- Releases
- ASO
- Analytics