diff --git a/supabase/migrations/20251102024255_bf859683-9b2a-4761-b4b7-78283b764ea2.sql b/supabase/migrations/20251102024255_bf859683-9b2a-4761-b4b7-78283b764ea2.sql
new file mode 100644
index 00000000..0423216a
--- /dev/null
+++ b/supabase/migrations/20251102024255_bf859683-9b2a-4761-b4b7-78283b764ea2.sql
@@ -0,0 +1,15 @@
+-- Relax admin_audit_log SELECT policy to not require AAL2
+-- This allows admins to view audit logs without constant MFA step-up
+-- Write operations still require AAL2 for security
+
+-- Drop the existing SELECT policy
+DROP POLICY IF EXISTS "Admins can view audit log" ON public.admin_audit_log;
+
+-- Create new SELECT policy without AAL2 requirement for reads
+CREATE POLICY "Admins can view audit log"
+ON public.admin_audit_log
+FOR SELECT
+TO authenticated
+USING (
+ is_moderator(auth.uid())
+);
\ No newline at end of file
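Review bot: The new USING clause gates reads on `is_moderator(auth.uid())`, while the policy name and header comments speak of admins. If `is_moderator` also accepts non-admin moderators (its definition is not in this hunk), the audit log becomes readable by that wider group, and from a session that has not completed MFA step-up. Audit rows usually carry actor ids and action details, so either use the project's admin-only check here or rename the policy and state the audience above the CREATE, e.g. `-- Readable by every role is_moderator() accepts, at AAL1 (no MFA step-up)`. The header's claim that writes still require AAL2 rests on INSERT/UPDATE/DELETE policies not shown here; confirm the dropped policy was scoped to SELECT only, so that nothing covering writes went with it.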