Since 2.15.0: Attempt to read execution was blocked due to insufficient permissions

Questions
1

Can anybody help we with this or has the same problem? :folded_hands:

Since 2.15.0: When executing a workflow manually, my docker compose logs outputs

n8n-1  | Skipping execution data push: unable to resolve user for redaction
n8n-1  | Attempt to read execution was blocked due to insufficient permissions

when my workflow contains e.g. a webhook-node that pushes back data to the browser of my browser.

To Reproduce

Simply run a flow or a part of a flow that has a webhook-trigger for example in the editor and then run it.
If you try to open a node that just ran, it won’t load it’s input and output data, probably due to the errors above.

Expected behavior

Load input and output data as expected.

Debug Info

My docker-compose looks like this. I use custom ports, a custom certificate and a mini dns. Besides that it’s fairly standard and according to he official Docker Compose | n8n Docs

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:60080"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:60443"
      #- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      #- "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      #- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
      - "--providers.file.directory=/etc/traefik/dynamic"
    ports:
      - "60080:60080"
      - "60443:60443"
    volumes:
      - ${DATA_FOLDER}/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${DATA_FOLDER}/cert:/cert
      - ${DATA_FOLDER}/cert/certs-traefik.yml:/etc/traefik/dynamic/certs-traefik.yml

  n8n:
    image: n8nio/n8n
    restart: always
    ports:
      - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      #- traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker
      - "traefik.http.middlewares.n8n.headers.customResponseHeaders.Access-Control-Allow-Origin=*"
    environment:
      - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}:60443/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
      - N8N_DIAGNOSTICS_ENABLED=false
      - N8N_VERSION_NOTIFICATIONS_ENABLED=false
      - EXECUTIONS_DATA_SAVE_ON_ERROR=all
      - EXECUTIONS_DATA_SAVE_ON_SUCCESS=none
      - EXECUTIONS_DATA_SAVE_ON_PROGRESS=true
      - EXECUTIONS_DATA_SAVE_MANUAL_EXECUTIONS=false
      - EXECUTIONS_DATA_PRUNE=true
      - EXECUTIONS_DATA_MAX_AGE=336
      - DB_SQLITE_VACUUM_ON_STARTUP=true
      - N8N_INSECURE_DISABLE_WEBHOOK_IFRAME_SANDBOX=true

      - N8N_RESTRICT_FILE_ACCESS_TO=/files
      - DB_SQLITE_POOL_SIZE=2

      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
    volumes:
      - ${DATA_FOLDER}/.n8n:/home/node/.n8n
      - /local-files:/files

Debug info

core

  • n8nVersion: 2.15.0
  • docker (self-hosted)

client

  • userAgent: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/147.0.0.0 safari/537.36

Operating System

Windows

n8n Version

2.15.0

Node.js Version

24.13.1

Database

SQLite (default)

Execution mode

main (default)

Hosting

self hosted

3

@nm5182 try setting EXECUTIONS_DATA_SAVE_MANUAL_EXECUTIONS=true — you have it as false right now so n8n isn’t persisting the manual run data, and since 2.15.0 the permission check fails when it can’t find the execution record to verify access. that’s almost certainly your issue

4

@achamm Wow! You’re the best! That actually fixed it. :heart:

So when I decide that you don’t want to save manual execution data in the execution history, the n8n editor can’t even load temporary manual execution data anymore, while I’m debugging a flow. That’s kind of a bug imo. The setting for not saving manual execution data always refered to the permanently stored data in the execution history and not for the temporary manual execution data while someone’s developing & debugging a flow. The editor becomes basically unusable when you don’t want to store manual execution data permanently.

6

Your welcome! Feel free to put whoever’s post you want as the solution! Always happy to help!