Specify in README which permissions must be given in API access #20

Closed
ZacSweers opened this issue Nov 13, 2014 · 9 comments

@ZacSweers
Contributor

Preferably we would like to only use the permissions we need, but currently we only ever get 401 Unauthorized failures. Could you provide any insights regarding this? Specifically which permissions are necessary and maybe consider specifying them in the README for future users.

@bhurling
Contributor

I am not exactly sure what permissions you are referring to. Do you mean the user accounts you can create in the developer console? There is a predefined user role called version manager (I think, because it is translated to something similar in German for me). But if you followed the steps described in https://developers.google.com/android-publisher/getting_started that should be automatically set.

But if I look closer there are really just three permissions that user needs and those would be

  • update the play store listing
  • publish production apks
  • publish alpha, beta apks (if you are using any of those tracks)

I haven't tried it, though, because I usually just go with that default role.

@ZacSweers
Contributor Author

We'll investigate further. We have a very large app (100m+ installs), so anything permissions-wise with publishing is done cautiously. I'll give it a try with just the default version manager role. If that works, I'll whittle down the permissions to see which ones are the necessary ones.

We have it set with the listing and alpha/beta permissions, but purposefully withheld the production one since we will only be using this for an internal-only alpha channel. Hopefully not having that permission isn't what's causing it 😦

Also might mention that Google appears to impose a hard limit of one upload (even attempt) per 24 hour period, though maybe it's just a rate limiting increase due to our testing. Due to that, might be a couple of days before I can update this with the results of our testing.

@bhurling
Contributor

Also, you should try running the task with the --debug flag. The Google API logs a lot of stuff and that way you can see which request causes that error.

@ZacSweers
Contributor Author

So further investigation shows it does require permission to upload APKs for all three channels, even if you'd prefer to limit its access to just alpha/beta.

Here is a screenshot of the minimum permissions required for the plugin to work, even if a developer doesn't personally need them for their intended use (like the example above).

[Image: screenshot 2014-11-14 04 48 33]

I have no idea why it requires access to manage alpha and beta users, but publishListing... tasks will not work without it.

@bhurling
Contributor

I investigated a little further and I think I know what is happening. It is all about the way the Google Play API works. You basically edit your app in a staging area called an Edit. There you have everything in one place: The apk, the apklisting, the images, the listing itself and so on. Even the test users are part of that construct. Once you are done with all your changes you have to commit them and everything is updated in one atomic operation.

Thus, in theory you could change all the parts of the app at once. Unfortunately, the server does not figure out what resources are touched, beforehand. So it has a rather pessimistic approach. The Client might want to update every part of the app in that operation -> Just require all permissions.

I don't think there is much we can do about it, except for filing a feature request anywhere. I am sure Google will understand our concerns when it comes to security and permissions. Any idea for a good place to file such a request?
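
A toy model of the authorization behaviour described in the comment above, added here as an illustration and not taken from the plugin or from Google's API. The permission labels, the resource-to-permission mapping and all function names are constructed assumptions; the code contrasts the pessimistic check with one scoped to the resources an edit actually stages.

```python
from dataclasses import dataclass, field

# Constructed permission labels for this model; not Google's identifiers.
PERMISSIONS = frozenset({
    "edit_listing", "publish_production", "publish_alpha_beta", "manage_testers",
})

# Assumed mapping from a resource inside an Edit to the permission guarding it.
RESOURCE_PERMISSION = {
    "listing": "edit_listing",
    "images": "edit_listing",
    "apk:production": "publish_production",
    "apk:alpha": "publish_alpha_beta",
    "apk:beta": "publish_alpha_beta",
    "testers": "manage_testers",
}


@dataclass
class Edit:
    """Staging area: changes accumulate here and land in one atomic commit."""
    touched: set = field(default_factory=set)

    def stage(self, resource: str) -> None:
        if resource not in RESOURCE_PERMISSION:
            raise ValueError(f"unknown resource: {resource}")
        self.touched.add(resource)


def missing_pessimistic(granted: set) -> set:
    """Behaviour described in the thread: the edit could touch anything,
    so every permission is demanded regardless of what was staged."""
    return set(PERMISSIONS) - set(granted)


def missing_scoped(edit: Edit, granted: set) -> set:
    """Least-privilege alternative: demand only what the staged changes need."""
    needed = {RESOURCE_PERMISSION[r] for r in edit.touched}
    return needed - set(granted)


def authorize(missing: set) -> int:
    """Map a set of missing permissions to an HTTP-style status code."""
    return 200 if not missing else 401
```

With an account granted only the listing and alpha/beta labels, the pessimistic check returns 401 for an alpha-only edit, while the scoped check returns 200 and still refuses an edit that stages a production APK.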

@bhurling
Contributor

@ZacSweers
Contributor Author

Yeah that's probably the best place to file that request. It does seem heavy handed, but I guess it's easier for them to control on their side if it requires all these permissions up front. Hopefully they'll reconsider, I'll star the issue and chime in as well :)

@bhurling
Contributor

bhurling commented Jan 7, 2015

The issue on Google Code has been moved to Done. I don't think there is anything left we can do about it so I updated the README with the required permissions.

@bhurling bhurling closed this as completed Jan 7, 2015
@ZacSweers
Contributor Author

yeah I guess we'll just have to hope they improve this in the future.
Thanks for looking into it and filing for the issue!
