AppStore Connect Permissions to Publish Apps
After embarrassing struggles of back-and-forth with our clients about what permissions they need to grant us to publish to the Apple AppStore, we decided to write it all down.
Obviously, the simplest and probably generally preferred set up (at least for our one-app clients) is to add us in the “Admin” role on AppStore Connect. This allows the user to fully and independently configure the app in AppStore Connect as well as on the Developer Portal (ids, certificates, etc.).
Alternatively, when the client has multiple apps on their AppStore or wants to have a more fine-grained control over their processes, we have them do the following:
- add us in a “Developer” role, with “Access to Certificates, Identifiers & Profiles” checked, and
- have them create and export the public/private key for the “iOS Distribution” certificate (p12).
If you forget to check “Access to Certificates, Identifiers & Profiles” + “Access to Cloud Managed Distribution Certificate”, your Xcode won’t see your client’s team under the “Team” dropdown and you’ll see an ugly, confusing error when trying to access Apple’s Developer Portal:
Access Unavailable
You currently don’t have access to this membership resource. Contact your team’s Account Holder or an Admin.
If you forget to also get the client to share the full “iOS Distribution” certificate (public/private keys), just when you think you’re about to publish the app, you get this ugly error message from Xcode:
No accounts with the Admin role have been found for “**********”. The Admin role is necessary in order to generate signing assets for this archive.
So, don’t forget them to create (see this great post for steps to create and export the cert), download, and share the “iOS Distribution” certificate:
Simple, but hard to remember the two different options every time we kick off new app development project.