diff --git a/datasette/app.py b/datasette/app.py
index af8cfeab..d943b97b 100644
--- a/datasette/app.py
+++ b/datasette/app.py
@@ -896,7 +896,7 @@ class Datasette:
             await await_me_maybe(hook)
 
     async def permission_allowed(
-        self, actor, action, resource=None, default=DEFAULT_NOT_SET
+        self, actor, action, resource=None, *, default=DEFAULT_NOT_SET
     ):
         """Check permissions using the permissions_allowed plugin hook"""
         result = None
diff --git a/datasette/views/table.py b/datasette/views/table.py
index fcbe253d..1c187692 100644
--- a/datasette/views/table.py
+++ b/datasette/views/table.py
@@ -444,10 +444,10 @@ class TableInsertView(BaseView):
             # Must have insert-row AND upsert-row permissions
             if not (
                 await self.ds.permission_allowed(
-                    request.actor, "insert-row", database_name, table_name
+                    request.actor, "insert-row", resource=(database_name, table_name)
                 )
                 and await self.ds.permission_allowed(
-                    request.actor, "update-row", database_name, table_name
+                    request.actor, "update-row", resource=(database_name, table_name)
                 )
             ):
                 return _error(