Permissions issue with custom roles feature

13 repliesLast updated: Nov 30, 2025
Hi, I'm running into a permissions issue while using the custom roles feature (doc here ). Some help would be greatly appreciated, I'll leave more details within the thread.
AI Update

I'm here to help with your custom roles permissions issue! Custom roles in Sanity can be tricky, especially when dealing with GROQ filters and content resources.

Based on the custom roles documentation, here are some common issues and things to check:

Common Permission Issues:

  1. Dataset Privacy Settings - If you're using custom roles to restrict content visibility, make sure your dataset is set to private. Public datasets allow all documents to be readable regardless of authentication, which bypasses role-based restrictions entirely.

  2. Additive Nature of Roles - Roles in Sanity are additive, meaning if a user has multiple roles assigned, they get the combined permissions of all those roles. You can't "take away" permissions with another role. Check if the user has other roles that might be granting unexpected access.

  3. GROQ Filter Syntax - When defining content resources with GROQ filters, syntax errors can cause permissions to not work as expected. Make sure your filters are valid GROQ queries.

  4. Permission Level Hierarchy - The permission levels work like this:

    • No access (complete restriction)
    • Read (view-only)
    • Update and Create (create, read, edit)
    • Publish (full permissions including delete)

  5. API Token vs User Roles - If you're testing with API tokens, remember they need to have the custom role explicitly assigned to them.

Troubleshooting Steps:

  • Check the role configuration at sanity.io/manage under your project
  • Verify the GROQ filter in your content resource matches the documents you expect
  • Confirm dataset privacy settings align with your security requirements
  • Review all roles assigned to the affected user/token

Feel free to share more details in the thread about what specific permission behavior you're seeing versus what you expect! Things like whether it's too restrictive, too permissive, or behaving inconsistently would help narrow down the issue. Also helpful would be knowing if you're using the web interface at sanity.io/manage or the Roles API for configuration.

Show original thread
13 replies

Was this answer helpful?

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Related answers

Get more help in the community Discord

Related contributions

Auto-generate alt text for Media Library assets

FeaturedOfficial

Automatically generate accessible, multilingual alt text for images in your Sanity Media Library using Agent Actions and Sanity Functions

Bram Doppen

Bram Doppen

First Published Timestamp Function

FeaturedOfficial

Automatically track when content was first published with a timestamp that sets once and never overwrites, providing reliable publication history for analytics and editorial workflows.

Knut Melvær

Knut Melvær

Automatically tag blog posts

FeaturedOfficial

AI-powered automatic tagging for Sanity blog posts that analyzes content to generate 3 relevant tags, maintaining consistency by reusing existing tags from your content library.

Ken Jones Pizza
Knut Melvær

Ken Jones Pizza and 1 other