Get help on Discord

Discussion about adding a collaborator to a Sanity project and the possibility of paying for additional roles on the free plan.

21 replies
Last updated: Jul 23, 2021
Hello! I've run into a problem which I can't really explain except from misunderstanding something. 🤔 I'm currently developing a next.js/sanity based portfolio (on the free plan), up until now alone. Ive got everything working - from vercel deploys to live preview. Now i wanted to Invite a friend (also as administrator) to that sanity project, helping me filling in some content (and flexing that sweet live preview, of course). But no matter what, when trying to access the deployed studio he gets a "Unauthorized" when logging in. I checked the network tab, and saw that the 
me
cookie is quite different for him than for me.His:

{"id":"myCollaboratorsId", "name":"myCollaborator", "email":"myCollaborator@domain", "profileImage":null, "roles":[]}
wheras mine looks like this:


{"id": "myId", "name":"myself", "email":"myself@domain", "profileImage":null, "role":"administrator" ,"roles":[{"name": "administrator", "title": "Administrator", "description": "Read and write access to all datasets, with full access to all project settings."}]}
In the sanity management console we appear to have the exact same roles though. I don't understand why his roles are essentially non-existant. Any Ideas what's the issue here? I feel like I'm missing something obvious. Thanks in advance!
AI Update

This is a frustrating issue, but fortunately it has a clear explanation! The empty roles: [] array in your collaborator's cookie is the key indicator of what's happening.

The Root Cause:

Your collaborator has accidentally created multiple Sanity accounts using different login providers (Google, GitHub, email/password, etc.). Here's the critical thing: each login provider creates a completely separate Sanity account, even if they use the same email address. Sanity does NOT support linking multiple providers to a single account.

When you invited them to your project, the invitation was associated with one specific account. But when they're trying to log into the Studio, they're authenticating with a different account that isn't a member of your project. Since that account has no project membership, Sanity returns an empty roles array and blocks access with "Unauthorized."

As explained in this community discussion, "the provider matters as well. If you created the account using an email and password, then used google to log into the CLI those would be two different accounts." The same applies to Studio login. The platform terminology documentation confirms that "Different Login providers e.g. email-password, Google, GitHub" create separate accounts.

How to Fix It:

  1. Identify the correct account: Go to your project's Manage console and check the Project Members section. Look at the exact email address and login method shown for your collaborator's invitation. You should see an icon or indicator showing which authentication provider is associated with their membership.

  2. Have your collaborator log out completely: They should log out of the Studio, clear their browser cookies, and close all Sanity tabs.

  3. Log in with the matching provider: Your collaborator needs to log back in using the exact same authentication method that matches their project membership. If the invitation shows a Google account, they must use "Sign in with Google." If it shows email/password, they must use that method.

  4. Try different providers systematically if unsure: If you're not certain which provider has the project access:

    • Try logging in with Google
    • If that doesn't work, log out completely and try GitHub
    • If that doesn't work, try email/password
    • Check which one shows your project in the dashboard

Prevention Tips:

  • When inviting collaborators, communicate which login method they should use
  • Have team members consistently use the same authentication provider for all Sanity access
  • Check the provider icon in Manage to verify which account has project access
  • Consider having your team standardize on one provider (e.g., "always use Google" or "always use email/password")

If They Need to Delete an Extra Account:

If your collaborator wants to clean up duplicate accounts, they can log into sanity.io/manage using the authentication method for the account they want to delete, then go to Settings and delete that account. Just make sure they don't delete the account that has the project membership! You can verify which account is correct by checking if your project appears in the dashboard before deleting anything.

This issue affects all Sanity plans including the free tier - it's purely an authentication/account management issue, not a plan limitation. Once they log in with the correct provider, their roles array will populate properly and they'll have full administrator access as intended.

It could be possible they accepted the invitation using a different service provider than the one they’re now trying to log in with.
If you curl 
<https://api.sanity.io/v2021-07-22/projects/><PROJECT_ID>/acl
with a token, can you see two administrators?
If you curl 
<https://api.sanity.io/v2021-07-22/projects/><PROJECT_ID>/acl
with a token, can you see two administrators?
curl --request GET \
  --url <https://api.sanity.io/v2021-07-22/projects/><PROJECT_ID>/acl \
  --header 'Authorization: Bearer <ENTER TOKEN HERE>'
This curl returns an array with just 1 user, myself - should this return all users?
This curl returns an array with just 1 user, myself - should this return all users?
And thanks for the swift answer!
This curl returns an array with just 1 user, myself - should this return all users?
Okay, nevermind. I found the issue. I was constantly looking at the wrong project - as i made a copy once with a simlar name. I'll tar and feather myself and leave in shame 😬
This curl returns an array with just 1 user, myself - should this return all users?
Glad you got it figured out! Put the tar and feathers away and be glad you got this one solved before it put a damper on your whole weekend. 🙌
And yes, that curl command should return all users on a given project .
Thanks Geoff - it was indeed looking dire for that weekend until now, heh. Another quick question though - the 
developer
plan seems to be gone, correct? Is there any other way to get editor roles into the free account for a small fee instead of going 99/mo?
For all new projects, yes that is currently correct. However, there is an internal conversation underway to revisit the roles and though I don’t know any specifics, I’m sure it’s something to stay tuned for.
For all new projects, yes that is currently correct. However, there is an internal conversation underway to revisit the roles and though I don’t know any specifics, I’m sure it’s something to stay tuned for.
Oh, okay! Super glad to hear that. Honestly, if that would be possible (paying a little extra for enabling a role) you'd never get rid of me as a client anymore.
Oh, okay! Super glad to hear that. Honestly, if that would be possible (paying a little extra for enabling a role) you'd never get rid of me as a client anymore.
Thanks for all the help (albeit more like impersonating a rubberduck 😉 ) - I wish you a splendid weekend!
I’ll be a rubber duck any time!
Thanks for the feedback. I’ll pass it along.
🙌
You have a great weekend as well!
👋

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?