> ## Documentation Index > Fetch the complete documentation index at: https://notikaai.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # PostgreSQL > How to connect your Postgres database to Dreamlit. export const OpenAccordionsOnHash = () => { useEffect(() => { const normalizeHash = hash => { const raw = (hash || "").replace(/^#/, ""); try { return decodeURIComponent(raw); } catch { return raw; } }; const openAccordionAncestors = element => { let detailsElement = element?.closest?.("details.accordion") ?? null; while (detailsElement) { detailsElement.open = true; detailsElement = detailsElement.parentElement?.closest?.("details.accordion") ?? null; } }; const tryOpenForHash = () => { const targetId = normalizeHash(window.location.hash); if (!targetId) return; let remainingAttempts = 10; const attempt = () => { const target = document.getElementById(targetId); if (target) { openAccordionAncestors(target); const targetAfterOpen = document.getElementById(targetId); targetAfterOpen?.scrollIntoView?.({ block: "start" }); return; } remainingAttempts -= 1; if (remainingAttempts <= 0) return; (window.requestAnimationFrame ?? window.setTimeout)(attempt); }; attempt(); }; tryOpenForHash(); window.addEventListener("hashchange", tryOpenForHash); return () => window.removeEventListener("hashchange", tryOpenForHash); }, []); return null; }; export const PostgresNewSchemaGrant = () => { const [schema, setSchema] = useState("public"); const [role, setRole] = useState("dreamlit_app"); const [owner, setOwner] = useState("postgres"); const [copyLabel, setCopyLabel] = useState("Copy SQL"); const inputStyle = { padding: "6px 8px", border: "1px solid #d1d5db", borderRadius: 6, fontSize: 13, width: "100%", boxSizing: "border-box" }; const labelStyle = { fontSize: 12, fontWeight: 600, color: "#374151", marginBottom: 4 }; const quoteIdent = v => `"${v.replace(/"/g, '""')}"`; const sql = useMemo(() => { const schemaIdent = quoteIdent(schema.trim() || "public"); const roleIdent = quoteIdent(role.trim() || "dreamlit_app"); const ownerIdent = quoteIdent(owner.trim() || "postgres"); return `-- Run as the role that owns/creates tables in this schema (usually ${ownerIdent}) GRANT USAGE ON SCHEMA ${schemaIdent} TO ${roleIdent}; GRANT SELECT, TRIGGER ON ALL TABLES IN SCHEMA ${schemaIdent} TO ${roleIdent}; GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA ${schemaIdent} TO ${roleIdent}; GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA ${schemaIdent} TO ${roleIdent}; ALTER DEFAULT PRIVILEGES FOR ROLE ${ownerIdent} IN SCHEMA ${schemaIdent} GRANT SELECT, TRIGGER ON TABLES TO ${roleIdent}; ALTER DEFAULT PRIVILEGES FOR ROLE ${ownerIdent} IN SCHEMA ${schemaIdent} GRANT USAGE, SELECT ON SEQUENCES TO ${roleIdent}; ALTER DEFAULT PRIVILEGES FOR ROLE ${ownerIdent} IN SCHEMA ${schemaIdent} GRANT EXECUTE ON FUNCTIONS TO ${roleIdent};`; }, [schema, role, owner]); const handleCopy = async () => { try { await navigator.clipboard.writeText(sql); setCopyLabel("Copied!"); setTimeout(() => setCopyLabel("Copy SQL"), 1800); } catch { setCopyLabel("Copy failed"); setTimeout(() => setCopyLabel("Copy SQL"), 1800); } }; return
Schema
setSchema(e.target.value)} placeholder="public" style={inputStyle} />
Dreamlit role
setRole(e.target.value)} placeholder="dreamlit_app" style={inputStyle} />
Table-owner role
setOwner(e.target.value)} placeholder="postgres" style={inputStyle} />
SQL
          {sql}
; }; export const PostgresSqlBuilder = () => { const TABLE_OWNER_DEFAULT = "postgres"; const TABLE_OWNER_NEON = "neondb_owner"; const HOST_HINT_DEFAULT = "db.example.com"; const HOST_HINT_NEON = "ep-sunny-lake-123456.us-east-2.aws.neon.tech"; const [dbName, setDbName] = useState("postgres"); const [dbNameAutoSet, setDbNameAutoSet] = useState(false); const [role, setRole] = useState("dreamlit_app"); const [schemas, setSchemas] = useState("public"); const [tableCreators, setTableCreators] = useState(TABLE_OWNER_DEFAULT); const [tableOwnerAutoSet, setTableOwnerAutoSet] = useState(false); const [includeRls, setIncludeRls] = useState(false); const [useAllSchemas, setUseAllSchemas] = useState(true); const [copyLabel, setCopyLabel] = useState("Copy SQL"); const [showTooltip, setShowTooltip] = useState(false); const [showRlsTooltip, setShowRlsTooltip] = useState(false); const [isGenerated, setIsGenerated] = useState(false); const [showAdvanced, setShowAdvanced] = useState(false); const passwordPlaceholder = "[[REPLACE_WITH_PASSWORD]]"; const [host, setHost] = useState(""); const [port, setPort] = useState("5432"); const [connectionCopyLabel, setConnectionCopyLabel] = useState("Copy Connection String"); const [hostError, setHostError] = useState(""); const validateHost = value => { if (!value.trim()) return ""; const trimmed = value.trim(); if ((/\s/).test(trimmed)) { return "Host cannot contain spaces"; } if ((/^https?:\/\//i).test(trimmed)) { return "Enter just the hostname without http:// or https://"; } if ((/^(\[[^\]]+\]|[^:]+):\d{1,5}$/).test(trimmed)) { return "Move the :port part into the Port field"; } if (trimmed.includes("/")) { return "Enter just the hostname without any path"; } const hostnameRegex = /^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$/; const ipv4Regex = /^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$/; const isLikelyIpv6 = candidate => { if (!candidate.includes(":")) return false; const raw = candidate.replace(/^\[/, "").replace(/\]$/, ""); const segments = raw.split(":"); if (segments.length < 3 || segments.length > 8) return false; return segments.every(seg => seg === "" || (/^[0-9a-fA-F]{0,4}$/).test(seg)); }; if (ipv4Regex.test(trimmed) || isLikelyIpv6(trimmed)) return ""; if (!hostnameRegex.test(trimmed)) return "Invalid hostname format"; const isLocalhost = (/^localhost$/i).test(trimmed); const hasDot = trimmed.includes("."); if (!hasDot && !isLocalhost) { return "Use a full hostname like db.example.com"; } return ""; }; const handleHostChange = e => { const value = e.target.value; setHost(value); setHostError(validateHost(value)); }; const isHostMissing = !host.trim(); const canGenerate = !isHostMissing && !hostError; const generateHint = isHostMissing ? "Enter a host to generate" : hostError || ""; const connectionHint = hostError || (!host.trim() ? "Enter a host to generate" : ""); const inputStyle = { padding: "6px 8px", border: "1px solid #d1d5db", borderRadius: 6, fontSize: 13, width: "100%", boxSizing: "border-box" }; const textStyle = { padding: "6px 8px", border: "1px solid #d1d5db", borderRadius: 6, fontSize: 13, minHeight: 56, width: "100%", boxSizing: "border-box", resize: "vertical" }; const labelStyle = { fontSize: 12, fontWeight: 600, color: "#374151", marginBottom: 4 }; const sanitizeList = (value, fallback) => { const items = value.split(/[,\n]/).map(v => v.trim()).filter(Boolean); return items.length ? items : fallback; }; const quoteIdent = value => `"${value.replace(/"/g, '""')}"`; const quoteLiteral = value => `'${value.replace(/'/g, "''")}'`; const handleUseAllSchemasChange = checked => { setUseAllSchemas(checked); }; const {displaySql, copySql} = useMemo(() => { const roleRaw = role.trim() || "dreamlit_app"; const dbRaw = dbName.trim() || "postgres"; const schemaList = sanitizeList(schemas, ["public"]); const tableCreatorList = sanitizeList(tableCreators, ["postgres"]); const parentRole = tableCreatorList[0] || "postgres"; const targetSchemas = useAllSchemas ? [] : schemaList; const sweepComment = useAllSchemas ? "Grant permissions on existing schemas" : "Grant permissions on selected schemas"; const roleIdent = quoteIdent(roleRaw); const roleLiteral = quoteLiteral(roleRaw); const parentRoleLiteral = quoteLiteral(parentRole); const passwordToken = passwordPlaceholder; const buildSql = passwordToken => { const statements = []; statements.push(`-- Create the dreamlit_app user DO $$ BEGIN IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = ${roleLiteral}) THEN CREATE ROLE ${roleIdent} WITH LOGIN PASSWORD ${passwordToken} INHERIT; ELSE ALTER ROLE ${roleIdent} WITH LOGIN PASSWORD ${passwordToken} INHERIT; END IF; END $$ LANGUAGE plpgsql;`); statements.push(`-- Grant database-level privileges GRANT CONNECT, CREATE, TEMP ON DATABASE ${quoteIdent(dbRaw)} TO ${roleIdent}; CREATE EXTENSION IF NOT EXISTS pgcrypto;`); if (!useAllSchemas) { targetSchemas.forEach(schema => { const schemaIdent = quoteIdent(schema); statements.push(`-- Grants for schema ${schema} GRANT USAGE ON SCHEMA ${schemaIdent} TO ${roleIdent}; GRANT SELECT, TRIGGER ON ALL TABLES IN SCHEMA ${schemaIdent} TO ${roleIdent}; GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA ${schemaIdent} TO ${roleIdent}; GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA ${schemaIdent} TO ${roleIdent};`); }); } const sweepWhere = useAllSchemas ? `WHERE nspname NOT IN ('pg_catalog', 'information_schema', 'auth') AND nspname NOT LIKE 'pg_toast%'` : `WHERE nspname = ANY (ARRAY[${schemaList.map(quoteLiteral).join(", ")}]) AND nspname NOT IN ('pg_catalog', 'information_schema', 'auth') AND nspname NOT LIKE 'pg_toast%'`; statements.push(`-- ${sweepComment} (run as ${parentRole}) DO $$ DECLARE target_role text := ${roleLiteral}; parent_role text := NULLIF(${parentRoleLiteral}, ''); parent_role_oid oid := CASE WHEN parent_role IS NULL THEN NULL ELSE (SELECT oid FROM pg_roles WHERE rolname = parent_role) END; schema_record record; BEGIN IF parent_role IS NOT NULL AND parent_role_oid IS NULL THEN RAISE NOTICE 'Role % not found; continuing grants without parent filter', parent_role; END IF; FOR schema_record IN SELECT nspname FROM pg_namespace ${sweepWhere} LOOP IF parent_role_oid IS NULL OR has_schema_privilege(parent_role_oid, schema_record.nspname, 'USAGE') THEN EXECUTE format('GRANT USAGE ON SCHEMA %I TO %I', schema_record.nspname, target_role); EXECUTE format('GRANT SELECT, TRIGGER ON ALL TABLES IN SCHEMA %I TO %I', schema_record.nspname, target_role); EXECUTE format('GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA %I TO %I', schema_record.nspname, target_role); EXECUTE format('GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA %I TO %I', schema_record.nspname, target_role); END IF; END LOOP; END $$ LANGUAGE plpgsql;`); tableCreatorList.forEach(owner => { const ownerIdent = quoteIdent(owner); const ownerLiteral = quoteLiteral(owner); statements.push(`-- Ensure future schemas/objects created by ${owner} are accessible DO $$ DECLARE target_role text := ${roleLiteral}; owner_role text := NULLIF(${ownerLiteral}, ''); owner_oid oid := CASE WHEN owner_role IS NULL THEN NULL ELSE (SELECT oid FROM pg_roles WHERE rolname = owner_role) END; BEGIN IF owner_role IS NULL OR owner_oid IS NULL THEN RAISE NOTICE 'Skipping default privileges: role % not found', owner_role; ELSE EXECUTE format('ALTER DEFAULT PRIVILEGES FOR ROLE %I GRANT USAGE ON SCHEMAS TO %I', owner_role, target_role); EXECUTE format('ALTER DEFAULT PRIVILEGES FOR ROLE %I GRANT SELECT, TRIGGER ON TABLES TO %I', owner_role, target_role); EXECUTE format('ALTER DEFAULT PRIVILEGES FOR ROLE %I GRANT USAGE, SELECT ON SEQUENCES TO %I', owner_role, target_role); EXECUTE format('ALTER DEFAULT PRIVILEGES FOR ROLE %I GRANT EXECUTE ON FUNCTIONS TO %I', owner_role, target_role); END IF; END $$ LANGUAGE plpgsql;`); }); if (includeRls) { const baseSchemaFilter = `schemaname NOT IN ('pg_catalog', 'information_schema') AND schemaname NOT LIKE 'pg_toast%' AND schemaname NOT LIKE 'pg_temp_%'`; const schemaFilter = useAllSchemas ? baseSchemaFilter : `${baseSchemaFilter} AND schemaname = ANY (ARRAY[${schemaList.map(quoteLiteral).join(", ")}])`; statements.push(`-- Add permissive SELECT policies (effective when RLS is enabled) DO $$ DECLARE target_role text := ${roleLiteral}; parent_role text := NULLIF(${parentRoleLiteral}, ''); parent_role_oid oid := CASE WHEN parent_role IS NULL THEN NULL ELSE (SELECT oid FROM pg_roles WHERE rolname = parent_role) END; policy_base text := regexp_replace(target_role, '[^a-zA-Z0-9]+', '_', 'g'); policy_reserved_len constant integer := length('dreamlit__select_policy'); policy_suffix_budget constant integer := 63 - policy_reserved_len; policy_suffix text; policy_name text; table_record record; schema_is_accessible boolean; BEGIN -- PostgreSQL identifiers max out at 63 bytes; keep suffix + hash within the remaining budget. IF length(policy_base) <= policy_suffix_budget THEN policy_suffix := policy_base; ELSE policy_suffix := substring(policy_base for GREATEST(policy_suffix_budget - 9, 0)) || '_' || substring(md5(policy_base), 1, 8); END IF; policy_name := lower(format('dreamlit_%s_select_policy', policy_suffix)); FOR table_record IN SELECT schemaname, tablename FROM pg_tables WHERE ${schemaFilter} AND rowsecurity = true LOOP schema_is_accessible := parent_role_oid IS NULL OR has_schema_privilege(parent_role_oid, table_record.schemaname, 'USAGE'); IF schema_is_accessible THEN BEGIN EXECUTE format( 'DROP POLICY IF EXISTS %I ON %I.%I', policy_name, table_record.schemaname, table_record.tablename ); EXECUTE format( 'CREATE POLICY %I ON %I.%I FOR SELECT TO %I USING (true)', policy_name, table_record.schemaname, table_record.tablename, target_role ); EXCEPTION WHEN others THEN RAISE NOTICE 'Skipping Dreamlit RLS policy for %.%: %', table_record.schemaname, table_record.tablename, SQLERRM; END; END IF; END LOOP; END $$ LANGUAGE plpgsql;`); } return statements.join("\n\n").trim(); }; const sql = buildSql(passwordToken); return { displaySql: sql, copySql: sql }; }, [dbName, role, schemas, tableCreators, includeRls, useAllSchemas]); const handleGenerate = () => { if (!canGenerate) return; setIsGenerated(true); }; const {displayConnectionString, copyConnectionString, isConnectionReady} = useMemo(() => { const roleRaw = role.trim() || "dreamlit_app"; const passwordRaw = passwordPlaceholder; const hostRaw = host.trim(); const portRaw = port.trim() || "5432"; const dbRaw = dbName.trim() || "postgres"; const isReady = Boolean(hostRaw && !validateHost(hostRaw)); const formatHostForUrl = rawHost => { if (!rawHost) return ""; const needsBrackets = rawHost.includes(":") && !(rawHost.startsWith("[") && rawHost.endsWith("]")); return needsBrackets ? `[${rawHost}]` : rawHost; }; const buildDisplayString = () => { if (!hostRaw) return ""; return `postgresql://${roleRaw}:${passwordRaw}@${formatHostForUrl(hostRaw)}:${portRaw}/${dbRaw}`; }; const buildCopyString = () => { if (!hostRaw) return ""; const encodedUser = encodeURIComponent(roleRaw); const encodedPassword = ""; return `postgresql://${encodedUser}:${encodedPassword}@${formatHostForUrl(hostRaw)}:${portRaw}/${dbRaw}`; }; return { displayConnectionString: buildDisplayString(), copyConnectionString: buildCopyString(), isConnectionReady: isReady }; }, [role, host, port, dbName, passwordPlaceholder]); const handleCopyConnectionString = async () => { try { await navigator.clipboard.writeText(copyConnectionString); setConnectionCopyLabel("Copied!"); setTimeout(() => setConnectionCopyLabel("Copy Connection String"), 1800); } catch { setConnectionCopyLabel("Copy failed"); setTimeout(() => setConnectionCopyLabel("Copy Connection String"), 1800); } }; const handleCopy = async () => { try { await navigator.clipboard.writeText(copySql); setCopyLabel("Copied!"); setTimeout(() => setCopyLabel("Copy SQL"), 1800); } catch { setCopyLabel("Copy failed"); setTimeout(() => setCopyLabel("Copy SQL"), 1800); } }; useEffect(() => { setIsGenerated(false); }, [dbName, role, host, port, schemas, tableCreators, useAllSchemas, includeRls]); const isNeonHost = host.trim().toLowerCase().includes("neon.tech"); useEffect(() => { if (isNeonHost) { const owner = tableCreators.trim().toLowerCase(); if (!tableOwnerAutoSet && (owner === "" || owner === TABLE_OWNER_DEFAULT)) { setTableCreators(TABLE_OWNER_NEON); setTableOwnerAutoSet(true); } const loweredDb = dbName.trim().toLowerCase(); if (!dbNameAutoSet && (loweredDb === "" || loweredDb === "postgres")) { setDbName("neondb"); setDbNameAutoSet(true); } } else { if (tableOwnerAutoSet && tableCreators.trim().toLowerCase() === TABLE_OWNER_NEON) { setTableCreators(TABLE_OWNER_DEFAULT); } if (dbNameAutoSet && dbName.trim().toLowerCase() === "neondb") { setDbName("postgres"); } setTableOwnerAutoSet(false); setDbNameAutoSet(false); } }, [isNeonHost, tableCreators, tableOwnerAutoSet, dbName, dbNameAutoSet]); const hostPlaceholder = isNeonHost ? HOST_HINT_NEON : HOST_HINT_DEFAULT; return
{} {}
Host
{hostError &&

{hostError}

}
Port
setPort(e.target.value)} placeholder="5432" style={inputStyle} /> {}
Use your provider's{" "} direct database host (not a pooler host).
Dreamlit user name
setRole(e.target.value)} placeholder="dreamlit_app" style={inputStyle} />
Database name
{ setDbName(e.target.value); setDbNameAutoSet(false); }} placeholder="postgres" style={inputStyle} />
{} {showAdvanced &&
Grant scope
{!useAllSchemas &&