Get help on Discord

How to modify and delete grants and roles in the new Role/permissions system.

11 replies
Last updated: Jun 15, 2021
Hi, with the new Role/permissions system is it possible to:• Delete an existing grant from a role (maybe a 
DELETE
request to the 
/grants
endpoint?) • Delete an existing role? Not
deleting a user role , but deleting the role itself so that it doesn't show up when you fetch the list of roles through the 
/roles
endpoint.
AI Update

Based on the documentation I've reviewed, here's what you can do with the new Roles/permissions system:

Deleting Grants

Yes, you can manage grants! While the documentation doesn't explicitly show a standalone DELETE request to a /grants endpoint in the format you mentioned, grants are now managed through role permissions in the new Access API.

In the new Access API (v2025-07-11), grants are part of role permissions. To remove a grant from a role, you would:

  1. Update the role using PATCH /v2025-07-11/access/{resourceType}/{resourceId}/roles/{roleName} and modify the permissions array to exclude the grant you want to remove
  2. Or delete the entire role (see below) if that's what you need

The old /grants endpoint pattern you're referencing was part of the v2021-06-07 API. The new API has restructured this into the role-based endpoints where permissions (which include what were previously called "grants") are managed as part of roles.

Deleting Roles

Yes, you can delete custom roles! Use this endpoint:

DELETE /v2025-07-11/access/{resourceType}/{resourceId}/roles/{roleName}

This requires:

  • Permission: sanity.{resourceType}.roles.delete
  • Feature: advancedRolesManagement (Enterprise feature)

Important notes:

  • You can only delete custom roles (where isCustom: true)
  • Pre-defined roles (administrator, editor, viewer, etc.) cannot be deleted, but on Enterprise plans with advanced roles management enabled, they can be removed from appearing in the resource
  • Once deleted, the role won't show up when you fetch the /roles endpoint

The Access API documentation shows all available endpoints. The new API (v2025-07-11) has significantly restructured how roles and permissions work compared to the older v2021-06-07 API, consolidating grants, resources, and permission resource schemas into a simpler "permissions" concept that's managed within roles.

Hi User! You can only modify grants for roles you have created yourself. Same goes for delete
Hi
user P
, thanks that's good to know! Is there any documentation on how the request should look like for modifying/deleting grants (and deleting custom roles that I created, if that is possible)? I looked through a couple docs but wasn't able to find anything.
https://www.sanity.io/docs/roles-reference
https://www.sanity.io/docs/roles
Looks like the docs might be missing for creating grants atm, but you should be able to create a grant by POSTing to 
/v2021-06-07/projects/{{project_id}}/grants
with the payload:
{
    "roleName": "role-name",
    "permissionName": "<permissionName>",
    "permissionResourceId": "<resourceId>",
    "params": {
    }
}
The permissions resource ids you can find at 
/v2021-06-07/projects/{{project_id}}/permissionResources
Looks like we have a bug when it comes to deleting custom roles. I’ll get a fix rolled out ASAP tomorrow morning (CET-time)
Looks like we have a bug when it comes to deleting custom roles. I’ll get a fix rolled out ASAP tomorrow morning (CET-time)
Awesome, thank you!
Np. Sorry for the inconvenience. The route should be under 
DELETE /v2021-06-07/projects/:id/roles/:roleName
What would the request look like for deleting grants? Would it be something like 
DELETE /v2021-06-07/projects/:id/grants
with 
roleName
, 
permissionName
and 
permissionResourceId
specified in the body?
Yes, delete would be the same as a create but DELETE instead of POST
Awesome! Thank you again for the help, I really appreciate it 🙌
Fix for the role delete should now be in production 🙂
Great! thanks for letting me know :D

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?