Securely expose your PostgreSQL database to Looker and grant the minimum permissions Looker needs to query data for dashboards.
Connecting Looker to PostgreSQL lets analysts build self-serve dashboards while engineers keep full control of the database.Real-time data stays in Postgres; Looker only issues read-only SQL.
You need a reachable PostgreSQL instance (v9.6+) with SSL enabled, a Looker account with admin rights, and a database user that has SELECT access to the schemas you want to expose.
Run CREATE ROLE looker_user LOGIN PASSWORD 'strongPW';
then grant connection and read rights with the syntax below.Limiting permissions avoids accidental data changes.
Looker needs host, port, database, username, password, SSL mode, and optional SSH tunnel info. Default port is 5432 and SSL Mode should be require
or verify-full
.
Add Looker’s outbound IP ranges to your firewall or cloud-provider security group.Without whitelisting, the handshake will fail even if credentials are correct.
Navigate to Admin → Connections → New Connection, pick PostgreSQL, fill the fields, test, then save. Looker will inspect available schemas and start generating PDTs if enabled.
Yes—grant USAGE on the schemas you want (public
, analytics
) and REVOKE USAGE on the rest.Looker will only see tables in schemas it can access.
Use SSL, rotate passwords regularly, monitor query load, and create dedicated replica endpoints to protect OLTP performance. Enable Statement Timeout to avoid runaway Looker queries.
.
Yes. Point the connection host to a read-replica endpoint to offload analytics workloads from your primary.
After altering tables, click "Rebuild PDTs and Cache" or run SELECT looker_refresh();
if you created a helper function.
Absolutely. Provide the bastion host, port, user, and private key in Looker’s SSH section. Traffic will route through the tunnel before reaching Postgres.