Team management
gplay team manages your Developer account (the Play Console
organisation): its members (users) and their per-app access (grants).
It's the one gplay surface keyed by the organisation rather than a package.
Users — account-wide membership
Section titled “Users — account-wide membership”gplay team users listgplay team users add dev@example.com --role release-managergplay team users set dev@example.com --permissions reply-reviewsgplay team users remove dev@example.comGrants — per-app access
Section titled “Grants — per-app access”gplay team grants list --package com.example.myappgplay team grants set dev@example.com --package com.example.myapp --role reviewergplay team grants remove dev@example.com --package com.example.myappgrants set is an upsert: gplay reads the member's current grants, then
creates or updates as needed. With --dry-run --output json it reports the
resolved verb (create/update) and the permission diff (current → desired)
before you commit to anything.
Permissions without memorising Google enums
Section titled “Permissions without memorising Google enums”Google expresses permissions as CAN_* enums in two near-parallel families
(account-wide _GLOBAL and per-app). gplay layers two friendlier forms on
top:
- Aliases — scope-independent names like
release-productionorreply-reviews, resolved to the right enum family for the command's scope. RawCAN_*enums are always accepted too, so nothing is ever un-grantable. - Role bundles — frozen presets:
viewer,reviewer,tester-manager,release-manager,admin. Frozen means a bundle's membership only changes by an explicit, versioned gplay release — never silently when Google adds enums. Money-related capabilities (financial data, orders) are deliberately excluded from every bundle and must be granted as explicit permissions.
The whole vocabulary is introspectable offline — no credentials needed:
gplay team permissions # aliases + bundles, account scopegplay team permissions --scope app # the per-app enum familyThe admin gate
Section titled “The admin gate”Granting admin is never silent. An admin-conferring add or set (via
--role admin or a permission set including the all-permissions enum)
requires the named acknowledgment flag --grant-admin, otherwise gplay
refuses with exit 3 and names the flag. Agents can discover the gate ahead
of time: --dry-run --output json emits a requires array listing the
safety flags the live write needs.
Related
Section titled “Related”- Exit codes — exit
3, the resolvable refusal gplay teamreference