Describe minimum role permissions for Postgres

[NDAT-802]: https://hasurahq.atlassian.net/browse/NDAT-802?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ PR-URL: https://github.com/hasura/graphql-engine-mono/pull/10116 GitOrigin-RevId: f7ab5347f0837c55db69714172196411d2f580f2
2024-10-26 10:20:54 +03:00 · 2023-08-18 13:24:41 +02:00 · 2023-08-18 13:24:41 +02:00 · 32ef306e99
commit 32ef306e99
parent ec8e1bbc45
1 changed files with 12 additions and 0 deletions
--- a/docs/docs/databases/postgres/index.mdx
+++ b/docs/docs/databases/postgres/index.mdx
@ -204,6 +204,18 @@ Curious about any other Postgres flavors? Any other questions? Ask us on

 :::

+## Required user role permissions
+
+Below are the role permissions required for Hasura to perform all its functionality. Note that, with the exception of `CONNECT` and `GRANT USAGE`, the other features are opt-in, and not enabling them will simply mean that only the corresponding Hasura features will not work.
+
+* `CONNECT` is required in order for Hasura to connect to your Postgres data source.
+* You must `GRANT USAGE` to the Hasura user role for any schema you want to access via Hasura.
+* To allow queries and subscriptions via the GraphQL API, `SELECT` permissions are required.
+* Similarly, `INSERT`, `UPDATE`, and `DELETE` permissions are required for mutations.
+* The Hasura Console requires permissions such as `REFERENCES` and `CREATE` to make changes to your schema.
+* `TRIGGER` is required to use [Event Triggers](/event-triggers/overview.mdx)
+* If you want to use computed fields or user-defined Postgres functions, the `EXECUTE` permission is required.
+

 ## Know more