Database Roles
Purpose
This document describes the intended database role model for Neon PostgreSQL.
Do not execute role changes in production without explicit human approval.
Current Recommendation
Start with a minimal role model in development.
Initial roles:
- app_migration
- app_runtime
- nocodb_admin
Future roles:
- n8n_worker
- readonly_ai
- analytics_reader
- billing_worker
- backup_operator
Role Meanings
app_migration
Used by Drizzle migrations and schema tools.
Allowed to:
- Create tables
- Alter schema
- Run migrations
Uses a direct database connection.
app_runtime
Used by the runtime API, such as Hono on Cloudflare Workers.
Allowed to:
- Read and write required application tables
Not allowed to:
- Make schema changes
Uses a pooled database connection.
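One way to express the app_migration / app_runtime split as PostgreSQL grants, as an added example that is not part of the original document. The database name appdb, the schema name app and the passwords are assumptions and placeholders.

```sql
-- Added example, not from the original document. Test on a disposable branch.
-- Assumptions: database "appdb", schema "app", placeholder passwords.

-- Part 1: run as the database owner over a direct connection.
CREATE ROLE app_migration LOGIN PASSWORD 'REPLACE_WITH_SECRET_1';
CREATE ROLE app_runtime   LOGIN PASSWORD 'REPLACE_WITH_SECRET_2';

-- Drop the defaults every role inherits through PUBLIC, then grant explicitly.
-- Roles not listed here lose CONNECT until they are granted it as well.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_migration, app_runtime;

-- app_migration may create objects in the application schema.
CREATE SCHEMA IF NOT EXISTS app;
GRANT USAGE, CREATE ON SCHEMA app TO app_migration;

-- app_runtime may resolve names in the schema but holds no CREATE.
GRANT USAGE ON SCHEMA app TO app_runtime;

-- Part 2: run as app_migration over a direct connection.
-- Tables and sequences it already owns. Narrow the table list if the
-- runtime API does not need every table in the schema.
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA app TO app_runtime;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA app TO app_runtime;

-- Tables and sequences it creates in later migrations.
ALTER DEFAULT PRIVILEGES IN SCHEMA app
  GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_runtime;
ALTER DEFAULT PRIVILEGES IN SCHEMA app
  GRANT USAGE, SELECT ON SEQUENCES TO app_runtime;

-- Part 3: check. Any row returned is a schema where app_runtime can
-- create objects, which violates the role model.
SELECT nspname
FROM pg_namespace
WHERE nspname IN ('app', 'public')
  AND has_schema_privilege('app_runtime', nspname, 'CREATE');
```

Because app_runtime owns no tables and holds no CREATE on either schema, it cannot run ALTER TABLE or DROP TABLE on the application tables.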
nocodb_admin
Used by NocoDB or similar human admin tools.
Allowed to:
- Read and edit data in development
- Help migrate Airtable-like data
- Work in sandbox schemas when possible
n8n_worker (Future)
Used by automation workflows.
Should start with limited read access and narrowly granted write access.
readonly_ai (Future)
Used by AI tools that need read-only inspection.
Should never write to production data.
Connection Discipline
Use direct connections for:
- Migrations
- Schema changes
- Introspection
- Manual maintenance
Use pooled connections for:
- Runtime app traffic
- Serverless functions
- Automation workers
Safety Rules
- Do not share owner credentials with runtime apps.
- Do not use production credentials in local experiments.
- Do not commit connection strings.
- Do not run large permission scripts without testing on a disposable branch.