Get help on Discord

Sanity Studio: Invited user shows empty roles array and gets "Unauthorized" error

21 replies
Last updated: Dec 1, 2025
Hello! I've run into a problem which I can't really explain except from misunderstanding something. 🤔 I'm currently developing a next.js/sanity based portfolio (on the free plan), up until now alone. Ive got everything working - from vercel deploys to live preview. Now i wanted to Invite a friend (also as administrator) to that sanity project, helping me filling in some content (and flexing that sweet live preview, of course). But no matter what, when trying to access the deployed studio he gets a "Unauthorized" when logging in. I checked the network tab, and saw that the 
me
cookie is quite different for him than for me.His:

{"id":"myCollaboratorsId", "name":"myCollaborator", "email":"myCollaborator@domain", "profileImage":null, "roles":[]}
wheras mine looks like this:


{"id": "myId", "name":"myself", "email":"myself@domain", "profileImage":null, "role":"administrator" ,"roles":[{"name": "administrator", "title": "Administrator", "description": "Read and write access to all datasets, with full access to all project settings."}]}
In the sanity management console we appear to have the exact same roles though. I don't understand why his roles are essentially non-existant. Any Ideas what's the issue here? I feel like I'm missing something obvious. Thanks in advance!
AI Update

This is a frustrating issue, but fortunately it has a clear explanation! The empty roles: [] array in your collaborator's cookie is the key indicator of what's happening.

The Root Cause:

Your collaborator has accidentally created multiple Sanity accounts using different login providers (Google, GitHub, email/password, etc.). Here's the critical thing: each login provider creates a completely separate Sanity account, even if they use the same email address. Sanity does NOT support linking multiple providers to a single account.

When you invited them to your project, the invitation was associated with one specific account. But when they're trying to log into the Studio, they're authenticating with a different account that isn't a member of your project. Since that account has no project membership, Sanity returns an empty roles array and blocks access with "Unauthorized."

As explained in this community discussion, "the provider matters as well. If you created the account using an email and password, then used google to log into the CLI those would be two different accounts." The same applies to Studio login. The platform terminology documentation confirms that "Different Login providers e.g. email-password, Google, GitHub" create separate accounts.

How to Fix It:

  1. Identify the correct account: Go to your project's Manage console and check the Project Members section. Look at the exact email address and login method shown for your collaborator's invitation. You should see an icon or indicator showing which authentication provider is associated with their membership.

  2. Have your collaborator log out completely: They should log out of the Studio, clear their browser cookies, and close all Sanity tabs.

  3. Log in with the matching provider: Your collaborator needs to log back in using the exact same authentication method that matches their project membership. If the invitation shows a Google account, they must use "Sign in with Google." If it shows email/password, they must use that method.

  4. Try different providers systematically if unsure: If you're not certain which provider has the project access:

    • Try logging in with Google
    • If that doesn't work, log out completely and try GitHub
    • If that doesn't work, try email/password
    • Check which one shows your project in the dashboard

Prevention Tips:

  • When inviting collaborators, communicate which login method they should use
  • Have team members consistently use the same authentication provider for all Sanity access
  • Check the provider icon in Manage to verify which account has project access
  • Consider having your team standardize on one provider (e.g., "always use Google" or "always use email/password")

If They Need to Delete an Extra Account:

If your collaborator wants to clean up duplicate accounts, they can log into sanity.io/manage using the authentication method for the account they want to delete, then go to Settings and delete that account. Just make sure they don't delete the account that has the project membership! You can verify which account is correct by checking if your project appears in the dashboard before deleting anything.

This issue affects all Sanity plans including the free tier - it's purely an authentication/account management issue, not a plan limitation. Once they log in with the correct provider, their roles array will populate properly and they'll have full administrator access as intended.

Show original thread
21 replies

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?