Get help on Discord

Issues with project/organization restrictions in Chrome causing denied access and limitations.

4 replies
Last updated: Feb 13, 2024
Hi!Have anyone else had problems with project/organization restrictions. For example:
• all members are admins but only one can change settings on project.
◦ in this case the new presentation mode only works for the member that has access to project settings
• or all members of a project cant change members, dataset etc evan if the member is a admin?
This happened over night for me. Some new setting that i missed?
AI Update

It sounds like you're experiencing a frustrating permissions issue that appeared suddenly. Based on the Sanity documentation on roles and permissions, here are some things to check:

Common Causes for This Issue

1. Single Sign-On (SSO) Role Mapping If your organization recently enabled or updated SSO with role mapping rules, this could explain the overnight change. When SSO role mapping is configured to be the sole source of role assignment, manual role changes are locked. According to the roles documentation, you'll see a popover message stating "roles are handled by identity provider and cannot be manually updated."

2. Organization-Level vs Project-Level Permissions There's an important distinction in Sanity's permission system:

  • Organization owners have different permissions than project administrators
  • Even if someone is an admin at the project level, certain organization-level settings require organization owner privileges
  • According to the platform terminology docs, "All administrator members in a project will have access to project settings," but organization-level controls are separate

3. Presentation Tool Permissions For the Presentation Tool specifically, access requires proper project settings permissions. The documentation notes that members need Project Details set to "read" at minimum, and ideally Project Members also set to "read" for the best Studio experience.

What to Check

  1. Navigate to your project at sanity.io/manage and review the Members section
  2. Check if SSO role mapping was recently enabled - look for any indicators that roles are managed by an identity provider
  3. Verify organization ownership - the person who can change settings might be the organization owner rather than just a project admin
  4. Review the Access tab in project settings to see if custom roles were recently modified

Potential Solutions

  • If SSO role mapping was enabled, you may need to adjust the mapping rules or disable the "restrict role assignment" option
  • Ensure that project administrators have the "Administrator" role (not just "Editor" or "Developer")
  • Contact the organization owner to grant necessary permissions
  • Check if there were any recent changes to custom roles or content resources that might affect access

Has your organization recently made any changes to authentication methods or added SSO? That would be the most likely culprit for an overnight change like this. If none of these apply, I'd recommend reaching out to Sanity support via their community Slack or email as this could be a bug or platform issue.

To clarify, all of these roles were previously able to perform these actions? In scenarios like this, it’s usually because someone is not a member of both the org and the project. That’s not the case if they were previously able to, though.
After lots of digging and testing i found out that this is probably chrome related (works in safari and firefox).In Chrome I get denied access on parts of the project in both presentation mode and in the actual settings for the project. Like not being able to handle members, warning that i have to many datasets evan if Im using 2/2.
But this might be a caching issue or some other conflicts (in 4-5 different organisations and 7-10 different projects).
Thank you for answering! Was a strange chrome or mac issue. Did a update on mac (not chrome) and just restarted chrome 🤷‍♂️
I’m glad that fixed it!

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?