Least-Privilege Database Setup Guide

Use a dedicated schema and dedicated users. Do not use a superuser or a user that can access unrelated application tables.

CREATE SCHEMA IF NOT EXISTS instawebhook;
CREATE USER instawebhook_worker WITH PASSWORD 'replace-with-strong-password';
GRANT USAGE ON SCHEMA instawebhook TO instawebhook_worker;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA instawebhook TO instawebhook_worker;
ALTER DEFAULT PRIVILEGES IN SCHEMA instawebhook
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO instawebhook_worker;

CREATE USER instawebhook_audit WITH PASSWORD 'replace-with-strong-password';
GRANT USAGE ON SCHEMA instawebhook TO instawebhook_audit;
GRANT SELECT ON ALL TABLES IN SCHEMA instawebhook TO instawebhook_audit;

The worker user needs usage on the schema and table-level read/write permissions. The audit user is optional and read-only for guided verification. Rotate credentials from the dashboard and update the customer-hosted worker immediately after rotation.