Granting the role is impossible because of the "managed" nature of the service. This is understandable, however this creates so much headache when trying to create a read only user. Other providers offer a "create read only user" functionality in the UI to go around this limitation. It would be appreciated so much if we could get this in DO. Currently altering default privileges does not work for me, so everytime there's a new table I need to run the "GRANT SELECT ON ALL TABLES IN SCHEMA public TO username;" again and all my read only analytics software are broken until I run that command.

Additionally, even I purchased a read-replica, I encountered the same issue. The read-replica and the original database have the same set of users, so I still need to set up a separate read-only user for my analytics software. If I were to use my main database login for the analytics on the read-replica, there's a risk that it might access and alter the main database, especially if the main database's address gets exposed. Having a special user to that read replica would solve that issue.

I really feel like this managed service is close to perfect, but we really need read only user that are easy to manage please.

Being able to grant the "pg_read_all_data" role would be highly beneficial for backup programs so we're able to backup the entire database cluster.