TeamCity "Access denied" / insufficient permission in CI
TeamCity rejected an action because the acting principal (a user or an access token) does not hold the required permission in the relevant project or globally. The action stops with an access-denied message.
What this error means
An action (trigger, edit settings, REST call) fails with "Access denied. You do not have enough permissions to ..." naming the operation.
Access denied. You do not have enough permissions to trigger the build.
Required permission: Run build (project "App").Common causes
The user or token lacks the required role
The principal is not assigned a role granting the specific permission (run build, edit project, view) in that project scope.
A token scoped too narrowly
An access token used by automation has a permission scope that does not include the operation being attempted.
How to fix it
Grant the required role in the right scope
- Identify the permission named in the error and the project scope.
- In Administration, assign the user (or the token owner) a role that includes that permission in that project.
- Retry the action.
Issue a token with sufficient scope
For automation, create an access token whose permission scope covers the operation, and use it in the REST call or integration.
How to prevent it
- Grant least-privilege roles that still cover required operations.
- Scope automation tokens explicitly to the actions they perform.
- Audit role assignments when projects or teams change.