Database API 42501 errors

Last edited: 1/23/2026

Postgres 42501 errors, often reported by clients as 401 or 403 errors, imply the request lacked adequate privileges. They can be viewed in the log explorer by running:

1
select
2
  cast(postgres_logs.timestamp as datetime) as timestamp,
3
  event_message,
4
  parsed.error_severity,
5
  parsed.user_name,
6
  parsed.query,
7
  parsed.detail,
8
  parsed.hint
9
from
10
  postgres_logs
11
  cross join unnest(metadata) as metadata
12
  cross join unnest(metadata.parsed) as parsed
13
where
14
  regexp_contains(parsed.error_severity, 'ERROR|FATAL|PANIC')
15
  and parsed.sql_state_code = '42501'
16
order by timestamp desc
17
limit 100;

They tend to be caused by one of the following factors.

Attempted to access a forbidden schema

API roles cannot access certain schemas, most notably auth and vault. This restriction extends to Foreign Data Wrappers relying on vault. While you can bypass it using a security definer function, these schemas are intentionally restricted for security reasons.

Attempted to access a custom schema

If you created a custom schema, you will have to give the Database API permission to query it. Follow our Using Custom Schemas guide for more directions.

Missing table-level privileges

If you see an error like permission denied for table your_table, the querying role may not have the required privilege for the operation.

By default, tables in the public schema are granted SELECT, INSERT, UPDATE, and DELETE to the anon and authenticated roles. However, these privileges can be adjusted via the Dashboard Table Editor or via SQL.

To check the current privileges on a table:

1
select grantee, privilege_type
2
from information_schema.role_table_grants
3
where table_name = 'your_table';

To grant a specific privilege to a role:

1
grant select on table public.your_table to anon;

To grant all privileges:

1
grant select, insert, update, delete on table public.your_table to anon, authenticated;

Configured column-level restrictions

If you've set column-based access in the Dashboard or via SQL, queries will fail with a 42501 error when accessing restricted columns. This includes using select *, as it expands to include forbidden columns.

RLS:

If the anon or authenticated roles attempt to UPDATE or INSERT values without the necessary RLS permissions, Postgres will return a 42501 error.