Is this the same as a read-only Postgres role?

It enforces the same outcome and more. A role cannot give you table and column allowlists, PII masking, query budgets, a kill-switch, or a per-statement audit trail. PgBeam does, per credential, without touching your database roles.

Can I allow writes to just one table?

Yes. Read-only is the default; you can allow writes to specific tables and columns, and hold writes or DDL for human approval.

Does it work with my Postgres?

Yes. Enforcement is at the wire, so it works with RDS, Aurora, self-hosted, or any managed provider, with no extension to install.

Least privilege

Read-only Postgres for AI agents

Block every INSERT, UPDATE, DELETE, and DDL per credential. Reads pass, writes are rejected in the wire protocol before they ever reach your database. No database role juggling.

Get Started Read the docs

Postgres roles can enforce read-only, but managing a role per agent across databases is fiddly, and a role does not give you allowlists, masking, budgets, or an audit trail. PgBeam enforces read-only per credential at the wire, so a write never reaches the database, and layers the rest of the policy on top.

Writes blocked before they land

Mark a credential read-only and every INSERT, UPDATE, DELETE, and DDL is rejected in the proxy. The statement never reaches your database, and the agent gets an LLM-readable reason it can act on.

An UPDATE or DELETE without a WHERE clause is blocked outright for agent credentials, so a mistaken statement cannot rewrite a whole table even where writes are allowed.

More than a role

Read-only is the floor. Add table and column allowlists, row-level WHERE filters, PII masking, and query budgets to the same credential.

Policies stream to the proxy and hot-reload, so flipping a credential between read-only and read-write takes effect on the next query, with no role changes in the database.

Per-credential

Read-only is set on the credential, not the database role, and changes instantly.

Allowlists

Restrict reads to the exact schemas, tables, and columns the agent should see.

Row-level policies

Scope an agent to a slice of a table with a WHERE filter applied to every read.

Audited

Every blocked write and allowed read is recorded with its reason.

More ways to use PgBeam

A hosted MCP server for Postgres Give Claude and Cursor safe database access PII masking for LLM database access Safe Postgres for AI analytics agents Safe Postgres for customer-support copilots Safe Postgres for autonomous workflows

Questions

Give your agent safe Postgres access

Start with a 14-day free trial. No credit card required.

Technical preview. For internal testing only.

Get Started