Sanity exec script fails with "Insufficient permissions" despite administrator role

8 replies
Last updated: Nov 29, 2025
I am getting a permissions error while attempting to run a script from terminal: sanity exec xyz.js. I’ve never had this before with other projects despite often performing mutations in the same manner.

ClientError: the mutation(s) failed: Insufficient permissions; permission "update" required

I have the administrator role on the account I am logged in with so I don’t see why it should be any different to usual.

Project ID: zje7y6w0
Dataset: production

Any support much appreciated 🙂

  response: {
    body: { error: [Object] },
    url: 'https://zje7y6w0.api.sanity.io/v2021-08-05/data/mutate/production?tag=sanity.studio&returnIds=true&visibility=sync',
    method: 'POST',
    headers: {
      'content-type': 'application/json; charset=utf-8',
      'content-length': '299',
      'x-ratelimit-limit-second': '50',
      'ratelimit-limit': '50',
      'ratelimit-remaining': '49',
      'ratelimit-reset': '1',
      'x-ratelimit-remaining-second': '49',
      'x-sanity-shard': 'gcp-eu-w1-01-prod-1018',
      'x-served-by': 'gradient-web-674ff585bd-lbdqz',
      date: 'Mon, 28 Feb 2022 18:07:50 GMT',
      vary: 'Origin',
      xkey: 'project-zje7y6w0, project-zje7y6w0-production',
      via: '1.1 google',
      'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
      connection: 'close'
    },
    statusCode: 403,
    statusMessage: 'Forbidden'
  },
  statusCode: 403,
AI Update

The "Insufficient permissions" error you're encountering when running sanity exec xyz.js is almost certainly because you need to add the --with-user-token flag to your command.

By default, when you run sanity exec, the script doesn't automatically use your authenticated user credentials. Even though you have the administrator role on your account, the script needs explicit permission to use your user token to perform mutations (create, update, or delete operations) on your dataset.

The Solution

Run your script with the --with-user-token flag:

sanity exec xyz.js --with-user-token

This flag provides your script with an authenticated client that has the same permissions as your logged-in user account. Without it, the script runs with limited or no permissions, which is why you're getting the 403 Forbidden error with "Insufficient permissions; permission 'update' required."

Verify Your Login

If adding the flag doesn't resolve the issue, you can verify which account you're currently logged in with using:

sanity whoami

This will show you the current authenticated user and help confirm you're logged in with the correct account that has administrator privileges.

Why This Happens

The --with-user-token flag is a security feature. It prevents scripts from accidentally or maliciously performing operations without explicit authorization. This is especially important when running scripts that modify your production dataset, which is why it's always recommended to export your dataset before running any mutation scripts:

sanity dataset export

As shown in the community thread about this exact issue, adding the --with-user-token flag resolves this permissions error. The error you're seeing is a security measure to ensure scripts have explicit authorization before performing write operations on your content.
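
Added example, not part of the thread or of Sanity's own code: a mutation script that checks for the token before it writes and defaults to a dry run, so a missing --with-user-token fails early with a clear message instead of a 403 on the first mutation. It assumes Sanity v3, where the script gets its client from getCliClient in 'sanity/cli'; the file name migrate.js, the post type, the migrated field and the SANITY_MIGRATE variable are hypothetical.

```javascript
// Added example. Assumes Sanity v3 (getCliClient from 'sanity/cli'); the file name
// migrate.js, the `post` type, the `migrated` field and SANITY_MIGRATE are hypothetical.

// Stop before any mutation if the CLI did not pass a token to the client,
// which is the case when the script is started without --with-user-token.
function assertHasToken(client) {
  if (!client.config().token) {
    throw new Error('Client has no token; run: sanity exec migrate.js --with-user-token')
  }
}

// Patch every matching document in one transaction. dryRun defaults to true,
// so a real write to the dataset has to be requested explicitly.
async function migrate(client, {dryRun = true} = {}) {
  assertHasToken(client)
  const ids = await client.fetch('*[_type == "post" && !defined(migrated)]._id')
  if (ids.length === 0) return {dryRun, patched: []}
  const tx = client.transaction()
  for (const id of ids) tx.patch(id, {set: {migrated: true}})
  try {
    await tx.commit({dryRun})
  } catch (err) {
    // The API still refused the write (HTTP 403, as in the thread's error output).
    if (err.statusCode === 403) {
      throw new Error(`Write refused (${err.message}); check the account with: sanity whoami`)
    }
    throw err
  }
  return {dryRun, patched: ids}
}

// Wiring under the CLI. SANITY_MIGRATE=dry validates only, SANITY_MIGRATE=commit writes.
if (process.env.SANITY_MIGRATE) {
  import('sanity/cli')
    .then(({getCliClient}) =>
      migrate(getCliClient({apiVersion: '2021-08-05'}), {
        dryRun: process.env.SANITY_MIGRATE !== 'commit',
      })
    )
    .then((result) => console.log(result))
    .catch((err) => {
      console.error(err.message)
      process.exitCode = 1
    })
}
```

Run it with SANITY_MIGRATE=dry first and switch to SANITY_MIGRATE=commit only after the dataset export mentioned above.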
