diff --git a/.env-devel b/.env-devel
index 2b9d247dabe..8207e9f8bf6 100644
--- a/.env-devel
+++ b/.env-devel
@@ -154,7 +154,7 @@ POSTGRES_PORT=5432
 POSTGRES_USER=scu
 POSTGRES_READONLY_PASSWORD=readonly
-POSTGRES_READONLY_USER=readonly
+POSTGRES_READONLY_USER=postgres_readonly
 RABBIT_HOST=rabbit
diff --git a/.gitignore b/.gitignore
index 288b98c73e4..3d31cbe7425 100644
--- a/.gitignore
+++ b/.gitignore
@@ -181,6 +181,3 @@ tests/public-api/osparc_python_wheels/*
 # osparc-config repo files
 repo.config
-
-# scripts resolved with .env s
-services/postgres/scripts/create-readonly-user.sql
diff --git a/.vscode/settings.template.json b/.vscode/settings.template.json
index 8df39917def..2de40f80ad6 100644
--- a/.vscode/settings.template.json
+++ b/.vscode/settings.template.json
@@ -9,11 +9,12 @@
 "files.associations": {
 ".*rc": "ini",
 ".env*": "ini",
+"*.logs*": "log",
 "**/requirements/*.in": "pip-requirements",
 "**/requirements/*.txt": "pip-requirements",
 "*logs.txt": "log",
-"*.logs*": "log",
 "*Makefile": "makefile",
+"*sql.*": "sql",
 "docker-compose*.yml": "dockercompose",
 "Dockerfile*": "dockerfile"
 },
diff --git a/services/postgres/Makefile b/services/postgres/Makefile
index 5c2e8543472..f962ffec66c 100644
--- a/services/postgres/Makefile
+++ b/services/postgres/Makefile
@@ -7,8 +7,8 @@ ifneq (,$(wildcard $(DOT_ENV_FILE)))
 endif
-.PHONY: scripts/create-readonly-user.sql
-scripts/create-readonly-user.sql: scripts/create-readonly-user.sql.template
-	@echo "Generating SQL script from $<..."
+
+scripts/%.sql: scripts/%.sql.template
+	@echo "Generating SQL script from '$<'..."
 	@envsubst < $< > $@
-	@echo "SQL script generated as $@"
+	@echo "SQL script generated as '$@'"
diff --git a/services/postgres/scripts/.gitignore b/services/postgres/scripts/.gitignore
new file mode 100644
index 00000000000..9072771094f
--- /dev/null
+++ b/services/postgres/scripts/.gitignore
@@ -0,0 +1,3 @@
+*
+!.gitignore
+!*.template.*
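Review bot: The new pattern rule `scripts/%.sql: scripts/%.sql.template` lists only the template as a prerequisite, but the recipe's `envsubst` output also depends on the values loaded from `$(DOT_ENV_FILE)`; with the `.PHONY` declaration gone, a change to `POSTGRES_READONLY_USER` in the env file no longer regenerates an existing `.sql`, which make now considers up to date. Adding the env file as a prerequisite, `scripts/%.sql: scripts/%.sql.template $(wildcard $(DOT_ENV_FILE))`, keeps the generated script in step with both of its inputs. The redirect `@envsubst < $< > $@` also writes the target in place, so a failed or interrupted run leaves a truncated `.sql` that is newer than its template; `.DELETE_ON_ERROR:` at file level, or writing to `$@.tmp` followed by `mv -f $@.tmp $@`, avoids that. Note that envsubst reads the process environment rather than make variables, and the `ifneq`/`endif` block that includes the env file starts above the hunk, so whether those variables are exported to the recipe shell cannot be confirmed from here.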
diff --git a/services/postgres/scripts/remove-readonly-user.sql.template b/services/postgres/scripts/remove-readonly-user.sql.template
new file mode 100644
index 00000000000..5a1435ed978
--- /dev/null
+++ b/services/postgres/scripts/remove-readonly-user.sql.template
@@ -0,0 +1,16 @@
+-- Revoke all privileges the user has on the public schema
+REVOKE ALL PRIVILEGES ON SCHEMA public FROM ${POSTGRES_READONLY_USER};
+
+-- Revoke all privileges the user has on tables and sequences in the public schema
+REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM ${POSTGRES_READONLY_USER};
+REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM ${POSTGRES_READONLY_USER};
+
+-- Revoke any future privileges set via ALTER DEFAULT PRIVILEGES
+ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON TABLES FROM ${POSTGRES_READONLY_USER};
+ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON SEQUENCES FROM ${POSTGRES_READONLY_USER};
+
+-- Drop the user
+DROP USER ${POSTGRES_READONLY_USER};
+
+-- Listing all users
+SELECT * FROM pg_roles;
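Review bot: The REVOKE statements only cover the `public` schema, so `DROP USER ${POSTGRES_READONLY_USER};` still fails with a dependency error if the role holds any other privilege in the database (a `CONNECT` grant on the database itself, grants in another schema, or default privileges that were set with a `FOR ROLE` clause, which the `ALTER DEFAULT PRIVILEGES ... REVOKE` lines here do not match) — what the companion create script grants is not visible in this diff. `DROP OWNED BY ${POSTGRES_READONLY_USER};` placed before the drop revokes every privilege the role holds in the current database in one statement, and `DROP ROLE IF EXISTS ${POSTGRES_READONLY_USER};` makes the script safe to re-run. The role name is interpolated as a bare identifier into every statement; if the env value ever contains uppercase letters or characters outside `[a-z0-9_]` the script breaks, so either quote it as `"${POSTGRES_READONLY_USER}"` or validate the value where it is set. The closing `SELECT * FROM pg_roles;` prints every role with all of its attributes; `SELECT rolname FROM pg_roles;` gives the confirmation the comment asks for with less output.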