Get help on Discord

Sanity exec script fails with "Insufficient permissions" despite administrator role

8 replies
Last updated: Feb 28, 2022
I am getting a permissions error while attempting to run a script from terminal: 
sanity exec xyz.js
, I’ve never had this before with other projects despite often performing mutations in the same manner.

ClientError: the mutation(s) failed: Insufficient permissions; permission "update" required

I have the administrator role on the account I am logged in with so I don’t see why it should be any different to usual.

Project ID: 
zje7y6w0
 Dataset: 
production

Any support much appreciated
🙂

  response: {
    body: { error: [Object] },
    url: '<https://zje7y6w0.api.sanity.io/v2021-08-05/data/mutate/production?tag=sanity.studio&returnIds=true&visibility=sync>',
    method: 'POST',
    headers: {
      'content-type': 'application/json; charset=utf-8',
      'content-length': '299',
      'x-ratelimit-limit-second': '50',
      'ratelimit-limit': '50',
      'ratelimit-remaining': '49',
      'ratelimit-reset': '1',
      'x-ratelimit-remaining-second': '49',
      'x-sanity-shard': 'gcp-eu-w1-01-prod-1018',
      'x-served-by': 'gradient-web-674ff585bd-lbdqz',
      date: 'Mon, 28 Feb 2022 18:07:50 GMT',
      vary: 'Origin',
      xkey: 'project-zje7y6w0, project-zje7y6w0-production',
      via: '1.1 google',
      'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
      connection: 'close'
    },
    statusCode: 403,
    statusMessage: 'Forbidden'
  },
  statusCode: 403,
AI Update

The "Insufficient permissions" error you're encountering when running sanity exec xyz.js is almost certainly because you need to add the --with-user-token flag to your command.

By default, when you run sanity exec, the script doesn't automatically use your authenticated user credentials. Even though you have the administrator role on your account, the script needs explicit permission to use your user token to perform mutations (create, update, or delete operations) on your dataset.

The Solution

Run your script with the --with-user-token flag:

sanity exec xyz.js --with-user-token

This flag provides your script with an authenticated client that has the same permissions as your logged-in user account. Without it, the script runs with limited or no permissions, which is why you're getting the 403 Forbidden error with "Insufficient permissions; permission 'update' required."

Verify Your Login

If adding the flag doesn't resolve the issue, you can verify which account you're currently logged in with using:

sanity whoami

This will show you the current authenticated user and help confirm you're logged in with the correct account that has administrator privileges.

Why This Happens

The --with-user-token flag is a security feature. It prevents scripts from accidentally or maliciously performing operations without explicit authorization. This is especially important when running scripts that modify your production dataset, which is why it's always recommended to export your dataset before running any mutation scripts:

sanity dataset export

As shown in the community thread about this exact issue, adding the --with-user-token flag resolves this permissions error. The error you're seeing is a security measure to ensure scripts have explicit authorization before performing write operations on your content.

Show original thread
8 replies
Hi Simon. I checked your project and this is related to this issue . Mutations are still timing out but you should be able to read at this point. Updates will be added here .
user P
We are showing signs that mutations should be possible again. If you’re able can you please confirm?
We are showing no failed mutations at this point. We’ll keep monitoring but this should now be resolved. Thanks for your patience.
Hey
user A
! Thanks for letting me know. I’ve just checked and the insufficient permissions warning still persists; could it be related to something else?
Shoot. I looked up your project and you were on the shard having issues, but I should have looked closer at your error—it doesn’t seem related.
Does it work if you run the script using the 
--with-user-token
flag?
Thanks
user A
this is what I was missing 🙂 Sorry about that! The 524 errors were throwing me
Glad it’s working! Sorry to have misled you with the focus on the other error.

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?