Skip to content
Latchkey

GitHub Actions "Resource not accessible by personal access token" (fine-grained)

Fine-grained PATs grant narrow per-permission scopes per repository. A call fails with 403 when the token has access to the repo but not the specific permission (contents, pull-requests, issues, etc.) the call needs.

What this error means

A step using a fine-grained PAT fails with resource not accessible by personal access token.

github-actions
RequestError [HttpError]: Resource not accessible by personal access token
    status: 403

Common causes

Missing fine-grained permission

The PAT lacks the exact permission (e.g. Pull requests: write) the operation requires.

Repository not selected

The fine-grained PAT does not include the target repository in its allowed list.

How to fix it

Grant the needed permission

  1. Edit the fine-grained PAT under Developer settings.
  2. Add the specific repository and grant the exact permission (e.g. Contents: write, Pull requests: write).
  3. Update the secret holding the token and re-run.

How to prevent it

  • Map each automation to the minimal fine-grained permissions it needs.
  • Prefer GITHUB_TOKEN with a permissions block when no cross-repo access is required.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →