diff --git a/sentry.server.config.ts b/sentry.server.config.ts
index 9eee1b79..173e829e 100644
--- a/sentry.server.config.ts
+++ b/sentry.server.config.ts
@@ -2,6 +2,17 @@ import * as Sentry from "@sentry/nextjs";
 
 const dsn = process.env.SENTRY_DSN;
 
+function isRlsViolation(event: Sentry.ErrorEvent): boolean {
+  return (
+    event.exception?.values?.some(
+      (ex) =>
+        ex.value?.includes("42501") ||
+        ex.value?.toLowerCase().includes("row-level security") ||
+        ex.value?.toLowerCase().includes("insufficient privilege")
+    ) ?? false
+  );
+}
+
 if (dsn) {
   Sentry.init({
     dsn,
@@ -9,11 +20,21 @@ if (dsn) {
     environment: process.env.NODE_ENV,
     enabled: process.env.NODE_ENV === "production",
     beforeSend(event) {
-      // Redact PII from error reports
       if (event.request?.headers) {
         delete event.request.headers["cookie"];
         delete event.request.headers["authorization"];
       }
+
+      if (isRlsViolation(event)) {
+        event.fingerprint = ["rls-policy-violation-42501"];
+        event.tags = {
+          ...event.tags,
+          rls_violation: "true",
+          sqlstate: "42501",
+        };
+        event.level = "fatal";
+      }
+
       return event;
     },
   });