In your production build, what is the value of the com.apple.developer.icloud-container-environment entitlement? If you have that set to Development you would need to switch it to Production.
A "Permission Failure" error typically means you didn't sign-in to Apple iCloud on the device you are using to run your app. That includes running on iDevice Simulator. The fix is to go to the device's "Settings" and log-in to iCloud. Once this is done, you shoud be able to run your app on that device without getting Permission Failure.
Not sure what happens if you use the new Apple Authentication code (circa Fall 2019). Perhaps that would also eliminate the problem from occuring.
iCloud doesn't let a User write to CloudKit unless they have an Apple ID and are logged-in to that ID. Typicallly your phone will be logged-in, but when using Simulator prolly not!