Postgres

Connect a Postgres database to trend with a SELECT-only role.

trend talks to Postgres over the standard wire protocol. We strongly recommend creating a dedicated read-only role rather than reusing an existing application user.

Run this in your Postgres database as a superuser:

CREATE ROLE trend_readonly LOGIN PASSWORD 'choose-a-strong-password';
GRANT CONNECT ON DATABASE your_db TO trend_readonly;
GRANT USAGE ON SCHEMA public TO trend_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO trend_readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
  GRANT SELECT ON TABLES TO trend_readonly;

Repeat the GRANTs for every schema you want trend to read.

Adding the connection

Connections → New connection → Postgres. Enter:

  • Host — your DB host (e.g. db.acme.com)
  • Port — usually 5432
  • Database — the database name
  • Usertrend_readonly
  • Password — the password you set above
  • SSL — leave on for production

Click Test connection. If everything checks out you’ll see a green Read-only verified badge — that’s trend confirming the account is genuinely SELECT-only (we run a transactional write probe and immediately roll it back).

Warning

If you connect with a non-read-only role you’ll see an amber "writes possible" warning. You can save the connection anyway, but our enforcement layers (SQL validator + session read-only flag) become the only protection against accidental writes.

  • MySQL — same flow with the mysql driver.
  • Snowflake — warehouse-specific notes.
  • BigQuery — service-account setup and cross-project queries.
  • Security model — the three layers of read-only enforcement.