When you try to open the Mastodon admin dashboard and see the error message ‘You are not authorized,’ you cannot manage users, view reports, or change server settings. This error usually means your account does not have the correct admin role assigned in the database or the role has become corrupted. This article explains the root cause of the authorization failure and provides step-by-step instructions to restore your admin access using the Mastodon command-line interface.
Key Takeaways: Restore Admin Dashboard Access in Mastodon
- Database role check via Rails console: Use
tootctl accounts modifyto verify and reassign the owner or admin role to your user account. - Environment variable
LOCAL_DOMAINmismatch: Ensure the domain in your user record matches the server domain exactly, including subdomains. - Session cache clearing: Run
tootctl cache clearafter changing roles to force the server to reload permissions immediately.
Why Mastodon Returns ‘You Are Not Authorized’ on the Admin Dashboard
Mastodon uses a role-based permission system stored in the users table of the PostgreSQL database. The two roles that grant dashboard access are admin and owner. The owner role has full control, while the admin role can manage most settings but cannot delete the instance or change certain critical configurations.
The error occurs when your account’s role field is set to user or is NULL. This can happen after a failed database migration, a manual import of user records, or when the server domain name in the user record does not match the LOCAL_DOMAIN environment variable. Mastodon checks both the role and the domain match before granting access to the admin dashboard.
Another cause is a corrupted session or permission cache. When you change a user’s role, Mastodon does not immediately refresh the permissions for active sessions. The server continues to serve the cached authorization state until the cache expires or is manually cleared.
Steps to Fix the ‘You Are Not Authorized’ Error
You need SSH access to your Mastodon server and the ability to run commands as the Mastodon user. If you do not have SSH access, contact your hosting provider or system administrator.
- SSH into your Mastodon server
Open a terminal and connect to your server usingssh yourusername@yourserverip. Replaceyourusernameandyourserveripwith your actual credentials. - Switch to the Mastodon user
Runsudo -i -u mastodonto change to the user account that runs the Mastodon services. The username may vary; common names aremastodonortoot. - Navigate to the Mastodon directory
Runcd /home/mastodon/liveor the path where your Mastodon code is installed. Verify the path by checking your Docker compose file or systemd service file. - Open the Rails console
RunRAILS_ENV=production bin/rails console. This starts an interactive Ruby shell connected to your Mastodon database. Wait for the prompt to appear. - Find your user record
Typeuser = User.find_by(email: 'youremail@example.com')and press Enter. Replaceyouremail@example.comwith the email address you use to log in. The console will display the user object if found. - Check the current role
Typeuser.roleand press Enter. If the output shows"user"ornil, the role needs to be changed. If it shows"admin"or"owner", the problem is elsewhere. - Change the role to admin
Typeuser.update(role: :admin)and press Enter. The console will returntrueif the update succeeds. To make the user the owner, useuser.update(role: :owner)instead. - Verify the domain in the user record
Typeuser.account.username + '@' + user.account.domainand press Enter. Compare this with your server domain. If the domain is wrong or nil, update it by typinguser.account.update(domain: 'yourdomain.com')replacingyourdomain.comwith your actual domain. - Exit the Rails console
Typeexitand press Enter. You are now back in the shell. - Clear the permission cache
RunRAILS_ENV=production bin/tootctl cache clear. This command flushes the Redis cache and forces Mastodon to reload permissions on the next request. - Restart the web process
Runsystemctl --user restart mastodon-webif you use systemd. For Docker setups, rundocker restart mastodon_web_1. This ensures the new role is picked up by the web server. - Test the admin dashboard
Open your browser, log out of Mastodon, log back in, and navigate tohttps://yourdomain.com/admin. The dashboard should now load without the error.
If Mastodon Still Shows the Authorization Error After the Main Fix
Session Cookie Not Updated After Role Change
Mastodon stores authorization data in a signed cookie. If the cookie was issued before the role change, the server may still see the old role. Clear your browser cookies for the Mastodon domain or open the dashboard in a private browsing window. Log in again and test the dashboard.
Environment Variable LOCAL_DOMAIN Does Not Match
Check the LOCAL_DOMAIN environment variable in your Mastodon configuration file (.env.production). Run grep LOCAL_DOMAIN /home/mastodon/live/.env.production. The value must be exactly the same as the domain in your user record, including any subdomain like social.yourdomain.com. If they differ, edit the file and restart all Mastodon services.
Database Migration Failed During Upgrade
After a Mastodon version upgrade, some database migrations may not run correctly. Run RAILS_ENV=production bin/tootctl db:migrate to apply any pending migrations. Then run RAILS_ENV=production bin/tootctl cache clear and restart the web process.
Mastodon Admin Roles: Owner vs Admin
| Item | Owner | Admin |
|---|---|---|
| Access to admin dashboard | Yes | Yes |
| Delete the instance | Yes | No |
| Change server domain | Yes | No |
| Manage all user accounts | Yes | Yes |
| View and resolve reports | Yes | Yes |
| Modify server-wide settings | Yes | Yes |
After applying the fix, you can now access the admin dashboard and manage your Mastodon instance. To prevent future authorization errors, always use the tootctl accounts modify command for role changes instead of direct database edits. Run tootctl accounts modify --role admin --email youremail@example.com from the shell to change roles without opening the Rails console.