ERR_PERMISSION_DENIED on Zapier: Permission denied. Root cause: The authenticated user account or API token does not have sufficient permissions to perform the requested operation. This can result from role changes, permission scope restrictions on OAuth tokens, or attempting to access resources owned by a different user or workspace. Step 1: Identify the exact resource being denied. Open the Zapier task history for the failing Zap. The error message will specify which API call failed — e.g. "POST /crm/v3/objects/contacts" or "GET /files/upload". Note the endpoint and the action type (read, write, delete). Step 2: Check the connected account's OAuth scopes. In Zapier, go to My Apps → find the connected account → click the gear icon → Reconnect. During reconnection, review the OAuth permission screen. If the required scope (e.g. "contacts:write" or "files:read") is not listed, the account was connected without it and must be reconnected with the correct scopes. Step 3: Verify the user's role in the source platform. Log into the connected app (e.g. HubSpot, Salesforce) and check the user account's role. A user with a "Viewer" or "Read-only" role cannot write data via the API regardless of what Zapier requests. The account used for the Zapier connection must have at minimum "Editor" or "Standard User" permissions. Step 4: Switch to a dedicated service account. If the Zap is connected under a personal user account, create a dedicated service account in the source platform with the minimum required permissions. Reconnect the Zapier app using that service account. This prevents the Zap from breaking when the original user changes their password or leaves the organisation. Step 5: Test the connection with a lower-risk action. Before re-running the full Zap, use Zapier's "Test" button on the failing action step with a safe test record. Confirm the permission error is resolved before enabling the Zap for live data.