From 32ef306e99f951f1c8f9bbe11ec636c96b55db9c Mon Sep 17 00:00:00 2001
From: Tom Harding <i.am.tom.harding@gmail.com>
Date: Fri, 18 Aug 2023 13:24:41 +0200
Subject: [PATCH] Describe minimum role permissions for Postgres

[NDAT-802]: https://hasurahq.atlassian.net/browse/NDAT-802?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/10116
GitOrigin-RevId: f7ab5347f0837c55db69714172196411d2f580f2
---
 docs/docs/databases/postgres/index.mdx | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/docs/databases/postgres/index.mdx b/docs/docs/databases/postgres/index.mdx
index 63c4be126f7..ca76597ea3d 100644
--- a/docs/docs/databases/postgres/index.mdx
+++ b/docs/docs/databases/postgres/index.mdx
@@ -204,6 +204,18 @@ Curious about any other Postgres flavors? Any other questions? Ask us on
 
 :::
 
+## Required user role permissions
+
+Below are the role permissions required for Hasura to perform all its functionality. Note that, with the exception of `CONNECT` and `GRANT USAGE`, the other features are opt-in, and not enabling them will simply mean that only the corresponding Hasura features will not work.
+
+* `CONNECT` is required in order for Hasura to connect to your Postgres data source.
+* You must `GRANT USAGE` to the Hasura user role for any schema you want to access via Hasura.
+* To allow queries and subscriptions via the GraphQL API, `SELECT` permissions are required.
+* Similarly, `INSERT`, `UPDATE`, and `DELETE` permissions are required for mutations.
+* The Hasura Console requires permissions such as `REFERENCES` and `CREATE` to make changes to your schema.
+* `TRIGGER` is required to use [Event Triggers](/event-triggers/overview.mdx)
+* If you want to use computed fields or user-defined Postgres functions, the `EXECUTE` permission is required.
+
 
 ## Know more