diff --git a/db/migrations/000006_create_readonly_user.down.sql b/db/migrations/000006_create_readonly_user.down.sql
new file mode 100644
index 0000000..67801ad
--- /dev/null
+++ b/db/migrations/000006_create_readonly_user.down.sql
@@ -0,0 +1,5 @@
+DROP USER read_user;
+REVOKE CONNECT ON DATABASE db FROM readonly;
+REVOKE USAGE ON SCHEMA public FROM readonly;
+REVOKE SELECT ON ALL TABLES IN SCHEMA public FROM readonly;
+DROP ROLE readonly;
diff --git a/db/migrations/000006_create_readonly_user.up.sql b/db/migrations/000006_create_readonly_user.up.sql
new file mode 100644
index 0000000..c99ab4d
--- /dev/null
+++ b/db/migrations/000006_create_readonly_user.up.sql
@@ -0,0 +1,7 @@
+CREATE ROLE readonly;
+GRANT CONNECT ON DATABASE db TO readonly;
+GRANT USAGE ON SCHEMA public TO readonly;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;
+
+CREATE USER read_user WITH PASSWORD 'read_user_pass';
+GRANT readonly TO read_user;
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index e021689..5cbb70d 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -26,8 +26,8 @@ services:
 - grafana-storage:/var/lib/grafana
 environment:
 PG_HOST: 'postgres:5432'
- PG_USER: 'postgres'
- PG_PASSWORD: 'pass'
+ PG_USER: 'read_user'
+ PG_PASSWORD: 'read_user_pass'
 PG_DB: 'db'
 PROM_USER: 'admin'
 PROM_HOST: 'http://prometheus:9090'
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index a6d5f45..f084e1b 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -42,8 +42,8 @@ services:
 - grafana-storage:/var/lib/grafana
 environment:
 PG_HOST: 'postgres:5432'
- PG_USER: 'postgres'
- PG_PASSWORD: 'pass'
+ PG_USER: 'read_user'
+ PG_PASSWORD: 'read_user_pass'
 PG_DB: 'db'
 PROM_USER: 'admin'
 PROM_HOST: 'http://prometheus:9090'
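Review bot: The rollback in 000006_create_readonly_user.down.sql only undoes the three grants the up script makes, so `DROP ROLE readonly;` will fail if the role has picked up any other privilege in the meantime (for example SELECT on a table added by a later migration). Replacing the three REVOKE lines with `DROP OWNED BY readonly;` would revoke whatever the role holds in this database before the drop; it also drops objects the role owns, which should be none for a read-only role, but confirm that. `DROP USER IF EXISTS read_user;` on the first line would additionally let the rollback run after an up script that did not reach its CREATE USER, if the migration tool does not wrap the file in a transaction.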
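Review bot: `CREATE USER read_user WITH PASSWORD 'read_user_pass';` in 000006_create_readonly_user.up.sql commits the Grafana database credential to version control, and the same literal is then set as `PG_PASSWORD` in both the docker-compose.dev.yml and docker-compose.prod.yml hunks, so production runs with a password that anyone with repository access knows. I would create the login without a password in the migration, `CREATE USER read_user;`, set the password at deploy time from a secret, and have the prod compose file take it from the environment, `PG_PASSWORD: '${PG_PASSWORD}'`. Separately, `GRANT SELECT ON ALL TABLES IN SCHEMA public` covers only the tables that exist when this migration runs; `ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly;` would extend it to tables created later by the same role that runs the migrations. The grant also makes every table in `public` readable from Grafana, so it is worth confirming that none of them hold data the dashboards should not see.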