The database user should only be granted SELECT permissions on the specified database & tables you want to query.
Grafana does not validate that queries are safe so queries can contain any SQL statement. For example, statements
like DELETE FROM user;
and DROP TABLE user;
would be executed. To protect against this we
Highly recommmend you create a specific PostgreSQL user with restricted permissions.