insufficient_privilege permission denied for table … — 42501

Symptoms

The current role lacks the privilege needed for the operation on this table — for example SELECT, INSERT, UPDATE, or DELETE. The command is valid; the role simply has not been granted access.

• The statement is refused with SQLSTATE 42501.
• Affects only specific roles — the owner and superusers are unaffected.
• Often appears after creating a new role or a fresh schema without grants.

What the server log shows

ERROR:  permission denied for table orders
STATEMENT:  SELECT * FROM orders;

Why PostgreSQL raises this — what the manual says

Section 5.7 Privileges:

“To allow other roles to use it, privileges must be granted.”

PostgreSQL checks the role’s privileges on the table (granted directly or via role membership) before executing. Missing the required privilege yields 42501. Note you also need USAGE on the table’s schema — a separate grant.

Common causes

• The role was never granted SELECT/INSERT/etc. on the table.
• Missing USAGE on the containing schema.
• Connecting as a different role than expected.
• A row-level security policy denying access (different message, related cause).

How to fix it

1. Grant the privilege: GRANT SELECT ON orders TO app_role;.
2. Grant schema access too: GRANT USAGE ON SCHEMA public TO app_role;.
3. Set future-object defaults: ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO app_role;.
4. Verify the connected role: SELECT current_user;.

Diagnostic query

-- What privileges does a role have on the table?
SELECT grantee, privilege_type
FROM information_schema.role_table_grants
WHERE table_name = 'orders';

Compare against what the failing role needs.

Related & next steps

• SQLSTATE 42501 — Insufficient Privilege (full reference)
• Message: permission denied for schema
• Message: must be owner of relation

Reference: PostgreSQL 18 Section 5.8 “Privileges”.