Postgres
Connect a Postgres database to trend with a SELECT-only role.
trend talks to Postgres over the standard wire protocol. We strongly recommend creating a dedicated read-only role rather than reusing an existing application user.
Recommended role setup
Run this in your Postgres database as a superuser:
CREATE ROLE trend_readonly LOGIN PASSWORD 'choose-a-strong-password';
GRANT CONNECT ON DATABASE your_db TO trend_readonly;
GRANT USAGE ON SCHEMA public TO trend_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO trend_readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT SELECT ON TABLES TO trend_readonly;
Repeat the GRANTs for every schema you want trend to read.
Adding the connection
Connections → New connection → Postgres. Enter:
- Host — your DB host (e.g.
db.acme.com) - Port — usually 5432
- Database — the database name
- User —
trend_readonly - Password — the password you set above
- SSL — leave on for production
Click Test connection. If everything checks out you’ll see a green Read-only verified badge — that’s trend confirming the account is genuinely SELECT-only (we run a transactional write probe and immediately roll it back).
Warning
If you connect with a non-read-only role you’ll see an amber "writes possible" warning. You can save the connection anyway, but our enforcement layers (SQL validator + session read-only flag) become the only protection against accidental writes.
What to read next
- MySQL — same flow with the mysql driver.
- Snowflake — warehouse-specific notes.
- BigQuery — service-account setup and cross-project queries.
- Security model — the three layers of read-only enforcement.