Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w2rGT-000fi0-22
	for pgsql-hackers@arkaria.postgresql.org;
	Wed, 18 Mar 2026 13:48:49 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w2rGR-00BDDk-1D
	for pgsql-hackers@arkaria.postgresql.org;
	Wed, 18 Mar 2026 13:48:47 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <peter@eisentraut.org>)
	id 1w2rGR-00BD9l-0D
	for pgsql-hackers@lists.postgresql.org;
	Wed, 18 Mar 2026 13:48:47 +0000
Received: from fout-b7-smtp.messagingengine.com ([202.12.124.150])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <peter@eisentraut.org>)
	id 1w2rGN-00000000MlI-2a7f
	for pgsql-hackers@postgresql.org;
	Wed, 18 Mar 2026 13:48:46 +0000
Received: from phl-compute-06.internal (phl-compute-06.internal [10.202.2.46])
	by mailfout.stl.internal (Postfix) with ESMTP id 41FB21D001E2;
	Wed, 18 Mar 2026 09:48:44 -0400 (EDT)
Received: from phl-frontend-03 ([10.202.2.162])
  by phl-compute-06.internal (MEProxy); Wed, 18 Mar 2026 09:48:44 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eisentraut.org;
	 h=cc:cc:content-transfer-encoding:content-type:content-type
	:date:date:from:from:in-reply-to:in-reply-to:message-id
	:mime-version:references:reply-to:subject:subject:to:to; s=fm3;
	 t=1773841724; x=1773928124; bh=Pa04nj2B8vehr5xRYxgAl6G05W3GghO1
	LktLKJvEJuA=; b=qQJf+HFJ6B0xdiQRnUBoE7owc26ZgoiY7uAkBQnAQ6zOFoXB
	HLyjtf9DMmAfgutFg1c7763H2xoQBRfsFeHnSCND5wwh6NxjW/GRgaRtlGLfFitk
	GzPCuUPQ/Pzhq2RW40OoS8lKPiWd6VaL9nOq7jXnao80g5W6qoHS56mo2b1SVqr7
	aVxiYoTj/6kTzG5yvBxN37pAZOPnbGKt7v7XKcR5Tledf4l0MflOQyDiqtS3MIYW
	/RYxpbFNEFcuiPTeh7gwcy2D1BQ+3Mlzh88EpAfZ1w2hT9CD3JpsxtKVbUQqgzhr
	tKstyYAPERyXD4bgJQAkhNJHk9MyMRZVr44asA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-transfer-encoding
	:content-type:content-type:date:date:feedback-id:feedback-id
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1773841724; x=
	1773928124; bh=Pa04nj2B8vehr5xRYxgAl6G05W3GghO1LktLKJvEJuA=; b=j
	rZJ+iWzR4h4S+WFHJk9NLJ1xz4+dIDE7q/VDRSIRgQp1vgRntRb0xayugmNuJ0Df
	5o1nKQWbCl2gjmIuobpFj0A25X/XnN3/8blPXMOLSIqNUpOrVqFAyP2PuCRrClaJ
	E01vdAIRQNW4sBYDOQeWRUT+0OIYzahqKJ6AaxDbFPT3E3eJQw/mNCy2MI+1Nnwr
	q0j9pFV+48Hou9qSvI5uz9+KAMfs5kS7A+UhSgU7h7D3KzK/P2rws3ISGRpxocgY
	0lKek0EOzqMIRmsfSkAXn6cFHKVEd/mttdMf6NttJDPt5HGAyHPxllT2CZjH5uxi
	ljCalXrt1Jporw3YdyFhw==
X-ME-Sender: <xms:O626aV-vnaRQZCWE9XpT-LIns3c8cCm1q8nhFJiuljmtWpHgIZjATA>
    <xme:O626aZ2G2NpVOL8LoT0TwIPB91l5SrzbBH9aexiZv8vTHCeMK4lBlIhvCpg_7s1Xr
    cEld0uSntH3Ux26ukT-EYbI_mwftsOg0cANzicW0D4llGeczCmKyw>
X-ME-Received: 
 <xmr:O626aa9osWO1OazFoLCQXk67l3ir3H42tECrSROUuubMRNb_uOCUu5aRsE3vAaIwTAdqMEZbICquqGo5M3SjdDjPXVPg-_I>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgdeftdegvdelucetufdoteggodetrf
    dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu
    rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf
    gurhepkfffgggfuffvvehfhfgjtgfgsehtkeertddtvdejnecuhfhrohhmpefrvghtvghr
    ucfgihhsvghnthhrrghuthcuoehpvghtvghrsegvihhsvghnthhrrghuthdrohhrgheqne
    cuggftrfgrthhtvghrnhepjefhveehtdetgfffhffhfeefgffghffflefgieeuueekhedv
    hedvfeehffdvfeeunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh
    hfrhhomhepphgvthgvrhesvghishgvnhhtrhgruhhtrdhorhhgpdhnsggprhgtphhtthho
    peegpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehlvghpihhhohhvsehgmhgrih
    hlrdgtohhmpdhrtghpthhtohepsghruhgtvgesmhhomhhjihgrnhdruhhspdhrtghpthht
    ohepjhgrtghksegsohhnrghtrghkrdhishdprhgtphhtthhopehpghhsqhhlqdhhrggtkh
    gvrhhssehpohhsthhgrhgvshhqlhdrohhrgh
X-ME-Proxy: <xmx:O626aRuNGX3-zNSNl5rUXws_CGLCAM6vI5oQ8gHR8lsYSchQjwREzg>
    <xmx:O626aVBkdSULsrSeivJoVhA5CQtZkmfTSWva7hlzn5beDcwJNLpweQ>
    <xmx:O626aRWk-x3Osrh2t-yjpg8x0SwHalRs82-v7So5vwSj7sdQcRAtDw>
    <xmx:O626abDwLAABuN3ETMFGM19iHlFU7EvGqUOsLthff87MiTBpgX-PiA>
    <xmx:PK26adCedv7GAqovMxNN6ADRTYn03B1_p6OX1PzdSFiWErnR33nNZyOh>
Feedback-ID: ie0a040ee:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed,
 18 Mar 2026 09:48:42 -0400 (EDT)
Message-ID: <e6079ccd-64c0-492a-8f6f-8c8912fca278@eisentraut.org>
Date: Wed, 18 Mar 2026 14:48:41 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Read-only connection mode for AI workflows.
To: Andrei Lepikhov <lepihov@gmail.com>, Bruce Momjian <bruce@momjian.us>
Cc: Jack Bonatakis <jack@bonatak.is>,
 pgsql-hackers <pgsql-hackers@postgresql.org>
References: 
 <CADsUR0B9bcJQKYHyUMnWcODGzF5+AdeToawULkkTKfrq32Z-8w@mail.gmail.com>
 <64f1c69a-ceff-4b17-8298-58f255d075fc@gmail.com>
 <dde00623-b8e0-421b-a3f7-b149768894ef@app.fastmail.com>
 <fab6a5f3-df9f-4bd7-b2ac-434a17303547@gmail.com>
 <abh1LGa98D2Bpv-n@momjian.us>
 <cbcefd92-4f43-46ef-8c9f-0c45aa8dca77@gmail.com>
 <ablcmDxJ2sqdnf_L@momjian.us>
 <a17ffd88-10c1-41cf-bf40-ca5e99dcba2f@gmail.com>
Content-Language: de-DE, en-US
From: Peter Eisentraut <peter@eisentraut.org>
In-Reply-To: <a17ffd88-10c1-41cf-bf40-ca5e99dcba2f@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/e6079ccd-64c0-492a-8f6f-8c8912fca278%40eisentraut.org>
Precedence: bulk

On 17.03.26 15:05, Andrei Lepikhov wrote:
> On 17/3/26 14:52, Bruce Momjian wrote:
>> On Tue, Mar 17, 2026 at 11:04:25AM +0100, Andrei Lepikhov wrote:
>>> On 16/3/26 22:25, Bruce Momjian wrote:
>>>> On Mon, Mar 16, 2026 at 10:01:22PM +0100, Andrei Lepikhov wrote:
>>>>>> I do think the underlying problem of safely exposing databases to
>>>>>> automated agents is becoming increasingly common, so it seems like a
>>>>>> useful area to explore.
>>>>
>>>> I agree the need a read-only sessions is going to get more urgent with
>>>> MCP.  Why doesn't the community code have a read-only session option
>>>> that can't be changed?
>>>
>>> The pg_readonly project aims to answer this question: if it is easy and
>>> cheap to implement as an extension, why do we need to touch the core?
>>
>> I think it is a fundamental feature the database should have by default.
>>
> 
> Why wasn’t read-only mode set up like this from the start? - I haven’t 
> seen any other DBMSs, aside from SQLite, offer this kind of guarantee.
> If we want to move forward, it makes sense to use a session parameter 
> and add backend code to prevent violations.
> Postgres architecture looks well-suited for this feature. However, the 
> request is to block all backend changes, not just the usual XactReadOnly 
> limitations, but also things like vacuum, etc (temporary tables?). 
> Should we also consider cluster-wide restrictions?

Read-only mode is a transaction property, not an access control system.

If you want to control who can read what, there is an access control 
system for that.  If it's insufficient, let's enhance it.  But let's 
keep these things separate.