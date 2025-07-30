Security considerations

Since language models can execute any query on your database, we advise creating a database user with only the permissions you want the models to have. Setting up a user with read-only permissions will help prevent accidental changes to your database.

Here's an example of how to create a PostgreSQL user with read-only access to the database:

CREATE ROLE mcp_read_only WITH LOGIN; GRANT CONNECT ON DATABASE my_database TO mcp_read_only; GRANT USAGE ON SCHEMA public TO mcp_read_only; GRANT SELECT ON my_table TO mcp_read_only; GRANT SELECT ON ALL TABLES IN SCHEMA public TO mcp_read_only; GRANT rds_iam TO mcp_read_only;

Remember that you will also need sufficient permissions on your Teleport user to access the database using this user.

You can also set up fine-grained permissions for use with MCP using Auto-user provisioning or Database Access Controls.