Skip to content
Latchkey

TeamCity "Access denied" / insufficient permission in CI

TeamCity rejected an action because the acting principal (a user or an access token) does not hold the required permission in the relevant project or globally. The action stops with an access-denied message.

What this error means

An action (trigger, edit settings, REST call) fails with "Access denied. You do not have enough permissions to ..." naming the operation.

TeamCity
Access denied. You do not have enough permissions to trigger the build.
Required permission: Run build (project "App").

Common causes

The user or token lacks the required role

The principal is not assigned a role granting the specific permission (run build, edit project, view) in that project scope.

A token scoped too narrowly

An access token used by automation has a permission scope that does not include the operation being attempted.

How to fix it

Grant the required role in the right scope

  1. Identify the permission named in the error and the project scope.
  2. In Administration, assign the user (or the token owner) a role that includes that permission in that project.
  3. Retry the action.

Issue a token with sufficient scope

For automation, create an access token whose permission scope covers the operation, and use it in the REST call or integration.

How to prevent it

  • Grant least-privilege roles that still cover required operations.
  • Scope automation tokens explicitly to the actions they perform.
  • Audit role assignments when projects or teams change.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →