diff --git a/deploy/init.sql b/deploy/init.sql
index 0707f0e..6842131 100644
--- a/deploy/init.sql
+++ b/deploy/init.sql
@@ -243,6 +243,12 @@ GRANT ALL ON public.membership_statuses TO service_role;
 GRANT ALL ON public.membership_types TO service_role;
 GRANT ALL ON public.members TO service_role;
+-- Grant authenticated role read access to core tables (required for RLS to work)
+GRANT SELECT ON public.membership_statuses TO authenticated;
+GRANT SELECT ON public.membership_types TO authenticated;
+GRANT SELECT ON public.members TO authenticated;
+GRANT UPDATE ON public.members TO authenticated;
+
 -- DUES PAYMENTS
 CREATE TABLE public.dues_payments (
 id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
@@ -575,6 +581,9 @@ LEFT JOIN LATERAL (
 LIMIT 1
 ) dp ON true;
+-- Grant access to authenticated users
+GRANT SELECT ON public.members_with_dues TO authenticated;
+
 -- Events with attendee counts
 CREATE VIEW public.events_with_counts AS
 SELECT
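Review bot: `GRANT UPDATE ON public.members TO authenticated;` in the first hunk grants UPDATE on every column of members, and the RLS policies enabled later in the file restrict which rows a caller may touch, not which columns, so a member allowed to update their own row can also rewrite columns the application presumably treats as administrative (the status/type references, for example) unless the policy's WITH CHECK clause blocks it. Prefer a column-level grant that names only the self-service fields, `GRANT UPDATE (<self_editable_columns>) ON public.members TO authenticated;`, with the placeholder filled from the members definition, which is outside this hunk. The comment `-- Grant authenticated role read access to core tables (required for RLS to work)` is also imprecise: the GRANT is what makes the table reachable at all, and RLS then filters rows — the wording used in the later "TABLE GRANTS FOR AUTHENTICATED ROLE" block says this correctly and could replace it.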
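Review bot: `GRANT SELECT ON public.members_with_dues TO authenticated;` exposes the view with the view owner's privileges, not the caller's: in PostgreSQL a view is evaluated as its owner unless it was created or altered `WITH (security_invoker = true)`, so the RLS policies on members and dues_payments do not apply to reads through it, and if the owner is a privileged role every authenticated user can read every member's dues row. The CREATE VIEW statement is outside the hunk, so I cannot confirm whether security_invoker is already set; if it is not, add `ALTER VIEW public.members_with_dues SET (security_invoker = true);` before the grant (or the equivalent option in the CREATE VIEW) and verify the underlying tables' policies are what you intend the view to enforce. The same point applies to `GRANT SELECT ON public.events_with_counts TO authenticated;` in the following hunk.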
@@ -617,6 +626,39 @@ LEFT JOIN LATERAL (
 WHERE event_id = e.id
 ) public_rsvps ON true;
+-- Grant view access to authenticated users
+GRANT SELECT ON public.events_with_counts TO authenticated;
+
+-- ============================================
+-- TABLE GRANTS FOR AUTHENTICATED ROLE
+-- ============================================
+-- These grants are required for RLS policies to work.
+-- RLS policies control WHAT rows can be accessed,
+-- but GRANT controls WHETHER the table can be accessed at all.
+
+-- Core tables
+GRANT SELECT ON public.dues_payments TO authenticated;
+
+-- Events
+GRANT SELECT ON public.events TO authenticated;
+GRANT SELECT ON public.event_types TO authenticated;
+GRANT SELECT, INSERT, UPDATE, DELETE ON public.event_rsvps TO authenticated;
+GRANT SELECT, INSERT ON public.event_rsvps_public TO authenticated;
+
+-- Documents
+GRANT SELECT ON public.documents TO authenticated;
+GRANT SELECT ON public.document_categories TO authenticated;
+GRANT SELECT ON public.document_folders TO authenticated;
+
+-- Settings (public settings viewable)
+GRANT SELECT ON public.app_settings TO authenticated;
+
+-- Email logs (own logs viewable)
+GRANT SELECT ON public.email_logs TO authenticated;
+
+-- Notification preferences
+GRANT SELECT, INSERT, UPDATE ON public.user_notification_preferences TO authenticated;
+
 -- ROW LEVEL SECURITY
 -- Enable RLS on all tables