Protecting production SQL logic from accidental or malicious changes is a core data-governance practice. Granting run-only access lets stakeholders answer questions without risking broken queries, drifted metrics, or security incidents.
Galaxy ships with role-based access control (RBAC) tailored for SQL collaboration:
- Viewer can execute any query shared with them in a Workspace or Collection.
- Cannot change, overwrite, or save SQL.
- Attempts to edit open the editor in read-only mode.
- Every run is logged in audit history for easy compliance review.
- Editor can run, save, and modify queries but cannot change workspace settings.
- Owner has full administrative rights, including managing integrations, secrets, and roles.
Because Galaxy versions every change, even Owners cannot silently alter endorsed queries without leaving an immutable diff.
Navigate to Workspace Settings → Roles and confirm the default Viewer role has only execute_query privileges.
Invite teammates via email and assign them the Viewer role on join. They inherit run-only rights immediately.
Place production-ready SQL in a Collection and click Endorse. Endorsed queries surface in search and carry a trust badge so Viewers know what is safe to run.
Run a quick query as a Viewer, then open Workspace Settings → Audit Log to confirm the execution was captured and no edit events appear.
Even outside Galaxy, apply least privilege on the database:
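```sql
-- Create a run-only role (CREATE ROLE defaults to NOLOGIN, so this is a group role)
CREATE ROLE query_runner;
-- Grant read access but no DDL/DML
GRANT CONNECT ON DATABASE prod TO query_runner;
GRANT USAGE ON SCHEMA public TO query_runner;
-- Covers only tables that exist now; tables created later need a new grant
GRANT SELECT ON ALL TABLES IN SCHEMA public TO query_runner;
-- Removes direct grants only; privileges inherited via PUBLIC or other roles remain
REVOKE INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public FROM query_runner;
-- OPTIONAL: allow stored procedure execution
-- (ALL FUNCTIONS excludes procedures on PostgreSQL 11+; ALL ROUTINES covers both)
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO query_runner;
```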
Map each Galaxy Viewer to query_runner via a database-side user or SCIM integration. The combination of database and Galaxy controls yields defense in depth.
- Version every query in Galaxy or Git.
- Use parameterized queries to prevent ad-hoc edits.
- Schedule routine audits of role grants.
- Re-endorse queries after schema changes to maintain trust.
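One way to run the routine audit of role grants on PostgreSQL is to check what query_runner can effectively do rather than what was granted to it directly. This is an added example, not Galaxy's own tooling, and it assumes the query_runner role and public schema from the grants above:

```sql
-- Added example for PostgreSQL; run as a superuser or the owner of schema public.
-- Assumes the query_runner role and public schema from the grants above.

-- 1. Effective write privileges on relations, including anything inherited
--    through PUBLIC or role membership. Expected result: zero rows.
SELECT c.relname AS table_name, w.priv AS unexpected_privilege
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN (VALUES ('INSERT'), ('UPDATE'), ('DELETE'), ('TRUNCATE')) AS w(priv)
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p', 'v', 'm', 'f')
  AND has_table_privilege('query_runner', c.oid, w.priv)
ORDER BY 1, 2;

-- 2. Schema-level CREATE. Before PostgreSQL 15, PUBLIC holds CREATE on schema
--    public by default, so a "read-only" role can still create objects there.
SELECT has_schema_privilege('query_runner', 'public', 'CREATE') AS can_create_objects;

-- 3. Tables the role cannot read, typically ones created after the one-time
--    GRANT SELECT ON ALL TABLES was issued.
SELECT c.relname AS table_missing_select
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')
  AND NOT has_table_privilege('query_runner', c.oid, 'SELECT');

-- 4. SECURITY DEFINER routines the role may execute. These run with their
--    owner's privileges and can write even when the caller cannot.
SELECT p.oid::regprocedure AS routine, pg_get_userbyid(p.proowner) AS runs_as
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname = 'public'
  AND p.prosecdef
  AND has_function_privilege('query_runner', p.oid, 'EXECUTE');

-- 5. Direct members of query_runner, to reconcile against the Viewer list.
SELECT m.rolname AS member
FROM pg_auth_members am
JOIN pg_roles r ON r.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
WHERE r.rolname = 'query_runner';
```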
With Galaxy’s run-only role plus database RBAC, you can democratize data access in 2025 and beyond without compromising the integrity of your SQL.