diff --git a/README.md b/README.md index 3cad0d9..973368d 100644 --- a/README.md +++ b/README.md @@ -568,17 +568,12 @@ we can't write new data to it. The whole database cluster will be replicated. #### Database permissions -Since we are using a role ${REPLICATION_USER}, we need to ensure that it has access to all -the tables in a particular schema. So if a user adds another schema called `data` -to the database `gis` he also has to update the permission for the user -with the following SQL assuming the ${REPLICATION_USER} is called replicator +The role ${REPLICATION_USER} uses the default group role `pg_read_all_data`. +You can read more about this from the [PostgreSQL documentation](https://www.postgresql.org/docs/14/predefined-roles.html) -```sql -ALTER DEFAULT PRIVILEGES IN SCHEMA data GRANT SELECT ON TABLES TO replicator; -``` - -**NB** You need to set up a strong password for replication otherwise the -default password for ${REPLICATION_USER} will default to `replicator` +**NB** If you do not pass the env variable `-e REPLICATION_PASS` a random strong +password will be generated. This is visible in the startup logs as well +as a text file within the container in `/tmp`. To experiment with the replication abilities, you can see a [docker-compose.yml](sample/replication/docker-compose.yml) sample. There are several environment variables that you can set, such as: diff --git a/scripts/setup-database.sh b/scripts/setup-database.sh index 26d72c7..3bc0837 100644 --- a/scripts/setup-database.sh +++ b/scripts/setup-database.sh 
@@ -122,7 +122,6 @@ for db in $(echo ${POSTGRES_DBNAME} | tr ',' ' '); do echo "Loading legacy sql" su - postgres -c "psql ${db} -f ${SQLDIR}/legacy_minimal.sql" || true su - postgres -c "psql ${db} -f ${SQLDIR}/legacy_gist.sql" || true - PGPASSWORD=${POSTGRES_PASS} psql ${db} -U ${POSTGRES_USER} -p 5432 -h localhost -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${REPLICATION_USER};" if [[ "$WAL_LEVEL" == 'logical' ]];then PGPASSWORD=${POSTGRES_PASS} psql ${db} -U ${POSTGRES_USER} -p 5432 -h localhost -c "CREATE PUBLICATION logical_replication;" fi diff --git a/scripts/setup-user.sh b/scripts/setup-user.sh index d296e3f..110711a 100644 --- a/scripts/setup-user.sh +++ b/scripts/setup-user.sh @@ -37,4 +37,4 @@ if [ -z "$RESULT_REPLICATION" ]; then COMMANDS="CREATE" fi su - postgres -c "psql postgres -c \"$COMMANDS USER $REPLICATION_USER WITH REPLICATION ENCRYPTED PASSWORD '$REPLICATION_PASS';\"" - +su - postgres -c "psql postgres -c \"GRANT pg_read_all_data TO $REPLICATION_USER;\""
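Review bot: In the README.md hunk, the new NB documents that the generated replication password is "visible in the startup logs as well as a text file within the container in `/tmp`", which means the credential lands in two places that are often readable by more people than the database operator (container logs are frequently shipped to a central log store). Suggest naming the exact file and its permissions, not printing the value to the log, and recommending that production deployments pass `-e REPLICATION_PASS` explicitly. In the same paragraph, "default group role" should read "predefined role" to match the linked PostgreSQL 14 page, and the text should state that `pg_read_all_data` exists only from PostgreSQL 14 onward.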
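Review bot: In the scripts/setup-database.sh hunk, removing the `ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${REPLICATION_USER};` line leaves the replication role's read access depending entirely on the `GRANT pg_read_all_data` added in scripts/setup-user.sh, with no fallback if that grant fails. `pg_read_all_data` was introduced in PostgreSQL 14, so on an older server the grant errors out and the role ends up with no SELECT on `public` at all. Suggest either guarding on the server version and keeping the old statement below 14, or stating in the README that versions below 14 are no longer supported. It is also worth saying in the commit message that clusters initialized before this change keep the default privileges already granted, since nothing here revokes them.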
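Review bot: In the scripts/setup-user.sh hunk, the added `GRANT pg_read_all_data TO $REPLICATION_USER;` widens the replication role from SELECT on tables in `public` (plus whatever schemas the operator granted by hand) to read access on all tables, views and sequences in every schema of every database in the cluster. That is a least-privilege regression for anyone who reuses this role's credentials for logical replication of a subset of data, so it should be a documented, deliberate choice; consider making the grant conditional on a setting so operators can keep the narrower per-schema grants. Separately, nothing in the visible lines checks the result of this `su - postgres -c "psql ..."` call, so a failed grant passes silently and only shows up later as replication or read errors; fail the script or log a clear error when the grant does not succeed.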