How to fix INSUFFICIENT_ACCESS_OR_READONLY in Salesforce deployments
The user running the deployment or data load doesn't have create, edit, or delete permission on the object or field being written to.
Surfaces during: runtime DML, in data loads, API calls, and Apex testsWhat it means
INSUFFICIENT_ACCESS_OR_READONLY means the running user's profile or permission set doesn't grant the access level the operation needs, most often field-level security or object CRUD permissions in the target org. This differs from INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, which is about a referenced record rather than the object being written directly.
This is the direct-object case: the record or field the DML statement is writing to is the one the running user lacks access to, not a related record touched along the way.
Common causes
The fix
- Grant object and field permissions to the deployment userUpdate the deployment or integration user's profile or permission set to include the required object CRUD and field-level security.
- Deploy and assign missing permission setsInclude permission set metadata in the deployment and confirm it's assigned to the running user in the target org, not just the source.
sf org assign permset --name Integration_Data_Access --target-org myOrgAlias - Use a dedicated integration user with a stable permission setStandardize deployment and API access on a purpose-built user and permission set instead of an individual admin's account that can change.
How Serpent prevents this
Serpent manages the permission sets it assigns to CI and integration users per org, so access gaps between environments surface as a task blocker instead of a failed pipeline run. See the Salesforce deployment error library.

Prevention
Related errors
INSUFFICIENT_ACCESS_OR_READONLY, answered
Start free. No credit card, no install, no commitment.
Set up in under 15 minutes. No DevOps hire needed.
