Make new transactions read-only by default.
At a glance
| Property | Value |
|---|---|
| Parameter | default_transaction_read_only |
| Category | Client Defaults |
| Default | off |
| Value type | boolean / enum / numeric |
| Change scope | Per-session (SET) |
What it does
When on, transactions default to read-only and reject writes unless explicitly set read-write.
How to apply a change
Can be set per session with SET, per role/database with ALTER ROLE/DATABASE ... SET, or globally in postgresql.conf.
Inspect the current value and source with SHOW default_transaction_read_only; or SELECT name, setting, unit, context, source FROM pg_settings WHERE name = 'default_transaction_read_only';.
Tuning guidance
Set on for reporting roles or read replicas at the role level to prevent accidental writes.