Diagnostic Queries
Symptoms
An INSERT or UPDATE was rejected because the new row violates a row-level security (RLS) policy on the table. PostgreSQL raises SQLSTATE 42501 (insufficient_privilege).
- RLS policy blocked the write for the current role.
- The row would not be visible/permitted under the policy.
- Common with WITH CHECK policy expressions.
What the server log shows
ERROR: new row violates row-level security policy for table "orders"Why PostgreSQL raises this — what the manual says
As the CREATE VIEW reference (WITH CHECK OPTION) explains:
An INSERT or UPDATE through an auto-updatable view defined WITH CHECK OPTION produced a row that would not be visible through the view’s defining condition, so the change was rejected to keep the view’s contents self-consistent.
Row-level security policies attach a WITH CHECK predicate to writes. If the new/updated row fails that predicate for the current role, PostgreSQL forbids the write with 42501 to enforce the access policy.
Common causes
- The row’s values fall outside what the role’s policy permits.
- A WITH CHECK expression stricter than expected.
- Writing on behalf of a role without a matching policy.
How to fix it
- Set the row’s values to satisfy the policy (e.g. correct tenant/owner column).
- Review the table’s policies:
SELECT * FROM pg_policies WHERE tablename = 'orders';. - Adjust the policy or use a role that the policy permits, if appropriate.
Related & next steps
Reference: PostgreSQL 18 Section 5.9 “Row Security Policies”.
Thanks — noted. This helps keep the database accurate.