You’re using Terraform Cloud and your trusty organization token, but “Insufficient rights” throws a wrench in your plans. Don’t panic! This error happens when terraform tries to run commands on a remote server, leaving your local token locked away.
Error details:
│ Error: Insufficient rights to generate a plan
│ The provided credentials have insufficient rights to generate a plan. In order to generate plans, at least plan permissions on the workspace.
By default, when utilizing Terraform Cloud’s remote backend, commands like terraform plan are executed on the remote environment. This presents a challenge because local credentials aren’t directly accessible in this remote context. To resolve this issue, we need to configure Terraform to run the plan on your local machine.
Here’s the fix:
1 Switch to Local Execution:
- Go to your workspace settings in Terraform Cloud.
- Find the “Execution Mode” setting and change it from “Remote” to “Local.” This tells Terraform to run things on your computer instead.

2 How backend connection will look:
- You have two ways to give Terraform your token:
- Environment Variable: Set the TF_API_TOKEN environment variable to your token’s value. It’s like setting a secret password.
- Credentials Block: Add a special code block to your Terraform configuration file that holds your token.

3 Run Commands Locally:
- With local execution enabled and authentication configured, you can now run terraform plan and other commands locally. Terraform will use the organization token to authenticate with Terraform Cloud.
Conclusion
The core problem is the mismatch between local execution of Terraform commands and authentication on the remote backend.
When commands are run locally, the credentials need to be configured locally for authentication, regardless of whether you’re using an organization or team token.