Get help on Discord

Forbidden ACL error on npm run graphql-deploy for Gatsby blog tutorial

1 replies
Last updated: Nov 29, 2025
Having an issue with

npm run graphql-deploy

throwing an error:
Forbidden - Project user “pGJU8tBOF” does not have any ACL for this project

This is while walking through the ‘Get started with the Gatsby blog’ tutorial.

More details here:
https://sanity-io-land.slack.com/archives/C9Z7RC3V1/p1609356672314500
Any pointers would be appreciated. Can’t find any references online.
AI Update

This error typically occurs when there's a mismatch between the authentication credentials the CLI is using and the project you're trying to deploy to. Here are the most common causes and solutions:

Most Likely Cause: Authentication Token Mismatch

The error "Project user does not have any ACL for this project" usually means you're authenticated as a user (or with a token) that doesn't have permissions for the project you're deploying to.

Solutions to Try

1. Re-authenticate with the CLI

First, try logging out and back in:

sanity logout
sanity login

Then try running npm run graphql-deploy again.

2. Check for Environment Variables

If you have a SANITY_AUTH_TOKEN environment variable set, it will override your CLI login. This is a common issue when following tutorials that use tokens for CI/CD. Check if you have this set:

# On Mac/Linux
echo $SANITY_AUTH_TOKEN

# On Windows
echo %SANITY_AUTH_TOKEN%

If it's set and you don't need it, unset it:

# Mac/Linux
unset SANITY_AUTH_TOKEN

# Windows
set SANITY_AUTH_TOKEN=

3. Verify Your Project ID

Make sure you're in the correct project directory and that your sanity.json or sanity.config.js file has the correct projectId. The error mentions project user "pGJU8tBOF" - verify this matches your actual project.

4. Check Project Permissions

Log into sanity.io/manage, select your project, and verify:

  • You're a member of the project
  • You have the appropriate role (Admin or Developer role needed for GraphQL deployment)

5. Create a New Auth Token (if needed)

If you need to use a token, create a fresh one with proper permissions:

  1. Go to sanity.io/manage
  2. Select your project
  3. Go to Settings → API → Tokens
  4. Create a token with "Deploy Studio" or "Admin" permissions

Why This Happens in Tutorials

The Gatsby blog tutorial may have you clone a starter that references a different project ID, or you might be using example credentials. Make sure you've initialized the project with your own account using sanity init before trying to deploy the GraphQL endpoint.

After trying these steps, the sanity graphql deploy command should work properly. Remember that you'll need to run sanity graphql deploy whenever you update your schema to reflect those changes in your GraphQL API.

Show original thread
1 reply

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?