Database API 42501 errors
Last edited: 6/5/2025
Postgres 42501 errors, often reported by clients as 401 or 403 errors, imply the request lacked adequate privileges. They can be viewed in the log explorer by running:
1234567891011121314151617select cast(postgres_logs.timestamp as datetime) as timestamp, event_message, parsed.error_severity, parsed.user_name, parsed.query, parsed.detail, parsed.hintfrom postgres_logs cross join unnest(metadata) as metadata cross join unnest(metadata.parsed) as parsedwhere regexp_contains(parsed.error_severity, 'ERROR|FATAL|PANIC') and parsed.sql_state_code = '42501'order by timestamp desclimit 100;
They tend to be caused by one of the following factors.
Attempted to access a forbidden schema
API roles cannot access certain schemas, most notably auth
and vault
. This restriction extends to Foreign Data Wrappers relying on vault
. While you can bypass it using a security definer function, these schemas are intentionally restricted for security reasons.
Attempted to access a custom schema
If you created a custom schema, you will have to give the Database API permission to query it. Follow our Using Custom Schemas guide for more directions.
Revoked object level access:
In rare cases, users may accidentally revoke object-level access in public
from their API roles. To regrant full visibility, run the below code:
1234567grant usage on schema public to anon, authenticated, service_role;grant all on all tables in schema public to anon, authenticated, service_role;grant all on all routines in schema public to anon, authenticated, service_role;grant all ON all sequences in schema public to anon, authenticated, service_role;alter default privileges for role postgres in schema public grant all on tables to anon, authenticated, service_role;alter default privileges for role postgres in schema public grant all on routines to anon, authenticated, service_role;alter default privileges for role postgres in schema public grant all on sequences to anon, authenticated, service_role;
Configured column-level restrictions
If you've set column-based access in the Dashboard or via SQL, queries will fail with a 42501
error when accessing restricted columns. This includes using select *
, as it expands to include forbidden columns.
RLS:
If the anon or authenticated roles attempt to UPDATE or INSERT values without the necessary RLS permissions, Postgres will return a 42501 error.