Get help on Discord

How to remove admin access for former team members in Sanity datasets?

2 replies
Last updated: Apr 5, 2024
Hi Everyone
My team has laid off a few team members. Some of these team members have admin access to datasets. I am also an admin but I cannot remove their access.

How can I go about removing access for these individuals? Or do I need to migrate my data to a new dataset point my site there?
AI Update

I understand the urgency of this situation. While I can't find specific documentation about the exact permissions required to remove administrators, I can provide you with the practical steps to resolve this based on how Sanity's project management works.

How to Remove Former Team Members

The primary way to manage project members is through Sanity Manage at manage.sanity.io. Here's what to do:

  1. Go to manage.sanity.io
  2. Select your project
  3. Navigate to the Members section
  4. Remove the individuals who no longer need access

If You Can't Remove Them

If you're unable to remove these admin members through the interface, there are a few possible reasons and solutions:

Check Your Actual Permissions

Even though you have admin access, there may be permission restrictions on removing other admins. In the Members section, look for any indicators about who has ownership or higher-level permissions. Some projects may have an "owner" role that's distinct from regular administrators.

Contact Sanity Support

If you're blocked from removing these members, reach out to Sanity support directly. They can help you:

  • Verify your permission level
  • Transfer project ownership if needed
  • Remove members if there's a permission issue
  • Provide guidance specific to your project's configuration

You can contact them through the help section in manage.sanity.io or at support@sanity.io. Given that this is a security-sensitive situation with former employees, they should prioritize your request.

Use the Management API (If You Have Appropriate Access)

If you have API access, you can programmatically manage members using the Management API. This provides centralized control over project access control and member management through a RESTful interface.

Important Security Steps After Removal

Once you're able to remove these former team members, make sure to also:

  • Revoke API tokens: Go to the API tab in manage.sanity.io and check for any tokens they may have created
  • Review CORS origins: Ensure no unauthorized domains remain in your CORS configuration
  • Audit webhooks: Check webhook configurations in case they set up any external integrations
  • Review custom roles: If your project uses custom access controls, verify no specific permissions were granted to these users

SSO Consideration

If your organization uses SAML SSO, removing members from your identity provider should automatically revoke their Sanity access. However, you'll still want to explicitly remove them from the project in Sanity Manage for cleaner member management.

You Don't Need to Migrate

The good news is that you definitely don't need to migrate your data to a new dataset. Once these members are removed through the proper channels, they'll lose all access to your project and datasets immediately. Migration would be a last resort and unnecessary for this situation.

If you continue to have issues removing these members through the standard interface, Sanity support is your best path forward to resolve this quickly and securely.

Show original thread
2 replies
Hi
user D
. Please DM me your project ID and I’ll take a look.
Resolved as a UX issue.

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?