A PostgreSQL MCP server can make database access feel almost magical. Ask a question in Claude, ChatGPT, Cursor, or another MCP client, and the agent can work with live data instead of waiting for a ticket, dashboard, or manual SQL handoff. That is useful. It is also risky if the MCP server is treated as “just a connector.”

Before connecting AI clients to PostgreSQL through MCP, I would want at least this checklist in place.

1. Read-only by default

Not “the prompt says don’t write,” but actual database-level read-only permissions. Use a dedicated PostgreSQL role for the MCP server and grant access only to the schemas, views, and functions the workflow needs.

2. Approved views over raw tables

Raw production tables usually expose more detail than the workflow needs. Approved views can:
- hide sensitive columns
- pre-join common entities
- expose stable business definitions
- reduce schema noise
- make permissions easier to review

3. Schema context before queries

PostgreSQL can expose table names and column types.…
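Items 1 and 2 above together, as an added example that is not from the original post: a dedicated read-only role for the MCP server and an approved view in its own schema that omits sensitive columns. The database, schema, table, column and role names (appdb, app, reporting, customers, orders, mcp_reader) are assumed for illustration.

```sql
-- Added example, not from the original post. Names below are assumed.

-- 1. Dedicated role for the MCP server: login only, no elevated attributes.
CREATE ROLE mcp_reader LOGIN PASSWORD '<set-a-strong-secret>'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;

-- Defense in depth: sessions start read-only regardless of prompt text.
-- Note: a session can still override this setting, so the real guarantee
-- is the absence of INSERT/UPDATE/DELETE grants below, not this flag.
ALTER ROLE mcp_reader SET default_transaction_read_only = on;
-- Bound runaway agent queries.
ALTER ROLE mcp_reader SET statement_timeout = '15s';

-- Strip implicit PUBLIC privileges so nothing is reachable by default.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO mcp_reader;

-- 2. Approved views live in their own schema. The raw app.* tables are
-- never granted; the view runs with its owner's privileges, so the
-- reader only ever sees the columns selected here.
CREATE SCHEMA reporting;

CREATE VIEW reporting.customer_orders AS
SELECT c.id        AS customer_id,
       c.country,
       o.id        AS order_id,
       o.placed_at,
       o.total_cents
FROM app.customers c
JOIN app.orders    o ON o.customer_id = c.id;
-- Deliberately omitted: c.email, c.phone, o.card_last4.

GRANT USAGE ON SCHEMA reporting TO mcp_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA reporting TO mcp_reader;
-- Future approved views in this schema get the same read-only grant.
ALTER DEFAULT PRIVILEGES IN SCHEMA reporting
    GRANT SELECT ON TABLES TO mcp_reader;

-- Review check: run as the MCP role and confirm the only readable
-- objects are the approved views, and that writes are refused.
SET ROLE mcp_reader;
SELECT has_schema_privilege('app', 'USAGE');                   -- raw schema
SELECT has_table_privilege('reporting.customer_orders', 'SELECT');
SELECT has_table_privilege('reporting.customer_orders', 'INSERT');
RESET ROLE;
```

The three has_*_privilege calls at the end are the quickest way to review the role's reach during a permissions audit without touching data.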