pgEdge · tsivaprasad · May 4, 2026 · May 4, 2026
diff --git a/server/internal/api/apiv1/validate.go b/server/internal/api/apiv1/validate.go
@@ -414,15 +414,6 @@ func validateConnectAs(svc *api.ServiceSpec, dbUsers []*api.DatabaseUserSpec, pa
 
 	for _, u := range dbUsers {
 		if u.Username == svc.ConnectAs {
-			// For MCP with allow_writes, the connect_as user must be the db owner
-			if svc.ServiceType == "mcp" {
-				if allowWrites, ok := svc.Config["allow_writes"].(bool); ok && allowWrites {
-					if u.DbOwner == nil || !*u.DbOwner {
-						err := errors.New("allow_writes requires connect_as to reference a database_users entry with db_owner: true")
-						return []error{newValidationError(err, connectAsPath)}
-					}
-				}
-			}
 			return nil
 		}
 	}

diff --git a/server/internal/api/apiv1/validate_test.go b/server/internal/api/apiv1/validate_test.go
@@ -2100,8 +2100,7 @@ func TestValidateConnectAs(t *testing.T) {
 
 	t.Run("non-owner with allow_writes", func(t *testing.T) {
 		errs := validateConnectAs(baseSvc("app_read_only", true), dbUsers, nil)
-		assert.Len(t, errs, 1)
-		assert.ErrorContains(t, errs[0], "allow_writes requires connect_as to reference a database_users entry with db_owner: true")
+		assert.Empty(t, errs)
 	})
 
 	t.Run("empty connect_as", func(t *testing.T) {