diff --git a/supabase/migrations/20251027231823_fix_audit_log_view_policy.sql b/supabase/migrations/20251027231823_fix_audit_log_view_policy.sql
new file mode 100644
index 00000000..ebc45965
--- /dev/null
+++ b/supabase/migrations/20251027231823_fix_audit_log_view_policy.sql
@@ -0,0 +1,20 @@
+-- Fix admin_audit_log view policy to allow viewing without AAL2
+-- Viewing logs is a read-only operation and doesn't require the same
+-- security level as modifying data. We still require moderator role.
+
+DROP POLICY IF EXISTS "Admins can view audit log" ON public.admin_audit_log;
+CREATE POLICY "Admins can view audit log"
+ON public.admin_audit_log
+FOR SELECT
+TO authenticated
+USING (
+ is_moderator(auth.uid())
+);
+
+-- Keep the strict AAL2 requirement for inserting audit logs
+-- (This policy already exists but we're documenting it here for clarity)
+COMMENT ON POLICY "Admins can insert audit log with MFA" ON public.admin_audit_log
+IS 'Requires AAL2 (MFA step-up) for inserting audit logs to ensure high security for write operations';
+
+COMMENT ON POLICY "Admins can view audit log" ON public.admin_audit_log
+IS 'Allows moderators to view audit logs without AAL2 since this is a read-only operation';
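Review bot: The `USING` clause now gates reads on `is_moderator(auth.uid())` alone, so a moderator session that has passed only a single factor can read every row of `admin_audit_log`; "read-only" does not make the data low-sensitivity, since audit rows usually record who did what and when. The table's columns and the body of `is_moderator` are not visible in this diff, so please confirm that nothing in the rows warrants step-up, or expose a reduced-column view to AAL1 sessions and keep full rows behind AAL2. The policy is still named "Admins can view audit log" while the predicate and both comments say moderators; either rename it or state in the header comment that `is_moderator` is meant to cover the lower role. I would also schema-qualify the call as `public.is_moderator(auth.uid())` (assuming the function lives in `public`) so it does not depend on the search path at migration time. Finally, `COMMENT ON POLICY "Admins can insert audit log with MFA"` will abort the migration in any environment where that policy is missing, which is worth a note in the comment above it.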