home User Guide Getting Started Help Center Documentation Community Training Certification
menu
close
settings
Looker keyboard_arrow_down
language keyboard_arrow_down
English
Français
Deutsch
日本語
search
print
PostgreSQL

Dialects that use these instructions

PostgreSQL, Google Cloud PostgreSQL, and Microsoft Azure PostgreSQL share database setup requirements as described on this page. However, for PostgreSQL on Heroku, see the PostgreSQL on Heroku documentation page.

Encrypting network traffic

Looker strongly recommends encrypting network traffic between the Looker application and your database. Consider one of the options described on the Enabling secure database access documentation page.

If you’re interested in using SSL encryption, see the PostgreSQL documentation.

Users and security

Change some_password_here to a unique, secure password:

CREATE USER looker WITH ENCRYPTED PASSWORD 'some_password_here'; GRANT CONNECT ON DATABASE database_name to looker; \c database_name GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO looker; GRANT SELECT ON ALL TABLES IN SCHEMA public TO looker;

If you’re using a schema other than public, run this command to grant usage permissions to Looker:

GRANT USAGE ON SCHEMA schema_name TO looker;

To make sure that future tables you add to the public schema are also available to the looker user, run these commands:

ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON tables TO looker; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON sequences TO looker;

Depending on your setup, the preceding commands may need to be altered. If another user or role is creating tables that the looker user needs future permissions for, you must specify a target role or user to apply the looker user’s permission grants for:

ALTER DEFAULT PRIVILEGES FOR USER <USER_WHO_CREATES_TABLES> IN SCHEMA public GRANT SELECT ON tables TO looker; ALTER DEFAULT PRIVILEGES FOR ROLE <ROLE_THAT_CREATES_TABLES> IN SCHEMA public GRANT SELECT ON sequences TO looker;

For example, if a web_app user creates tables and you want the looker user to be able to use those tables, you must run a GRANT statement to give the looker user permissions on tables that are created by the web_app user. The target role/user in this case is the web_app user, meaning we are targeting tables that are created by web_app so that the looker user can have permissions to read the tables. Here is an example:

ALTER DEFAULT PRIVILEGES FOR USER web_app IN SCHEMA public GRANT SELECT ON tables TO looker;

See ALTER DEFAULT PRIVILEGES on PostgresSQL’s website for more information.

Temp schema setup

Self-hosted Postgres

Create a schema owned by the looker user:

CREATE SCHEMA looker_scratch AUTHORIZATION looker;

Postgres on Amazon RDS

Create a scratch schema:

CREATE SCHEMA looker_scratch;

Change the ownership of the scratch schema to the looker user:

ALTER SCHEMA looker_scratch OWNER TO looker;

For PostgreSQL persistent derived tables to work, you must not be using Looker on top of a “hot swap” streaming replication database. You must be able to write to the database from outside the application.

Setting the search_path

Finally, you should set an appropriate search_path, which Looker’s SQL Runner uses to retrieve certain metadata from your database. Assuming you have created a user called looker, and a temp schema called looker_scratch, the command is:

ALTER USER looker SET search_path TO '$user',looker_scratch,schema_of_interest,public ^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^ include a comma-separated list of all schemas you'll use with Looker

Feature support

For Looker to support some features, your database dialect must also support them.

In Looker 21.16, PostgreSQL supports the following Looker features:

In Looker 21.16, Google Cloud PostgreSQL supports the following Looker features:

In Looker 21.16, Microsoft Azure PostgreSQL supports the following Looker features:

Next steps

After completing the database configuration, you can connect to the database from Looker using the directions on the Connecting Looker to your database documentation page.

Top