diff --git a/indexer.sh b/indexer.sh
index bb8a975..191115a 100755
--- a/indexer.sh
+++ b/indexer.sh
@@ -34,13 +34,19 @@ psql -v ON_ERROR_STOP=1 --username "$DB_USER" --dbname "$DB_NAME" --host "$DB_HO
 CREATE SCHEMA $NEW_SCHEMA_NAME;
 CREATE USER $NEW_DB_USER WITH PASSWORD '$DB_PASSWORD';
 GRANT ALL PRIVILEGES ON SCHEMA $NEW_SCHEMA_NAME TO $NEW_DB_USER;
- GRANT ALL PRIVILEGES ON SCHEMA $NEW_SCHEMA_NAME TO $SQUID_READER_USER;
- GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA $NEW_SCHEMA_NAME TO $SQUID_READER_USER;
- GRANT ALL PRIVILEGES ON SCHEMA $NEW_SCHEMA_NAME TO $API_READER_USER;
- GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA $NEW_SCHEMA_NAME TO $API_READER_USER;
 GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $NEW_DB_USER;
 ALTER USER $NEW_DB_USER SET search_path TO $NEW_SCHEMA_NAME;
-
+
+ -- Grant schema usage to reader users
+ GRANT USAGE ON SCHEMA $NEW_SCHEMA_NAME TO $API_READER_USER, $SQUID_READER_USER;
+
+ -- Make squid_server_user able to grant permissions on objects in this schema
+ GRANT $NEW_DB_USER TO $DB_USER;
+
+ -- Set default privileges for tables created by NEW_DB_USER
+ ALTER DEFAULT PRIVILEGES FOR ROLE $NEW_DB_USER IN SCHEMA $NEW_SCHEMA_NAME
+ GRANT SELECT ON TABLES TO $API_READER_USER, $SQUID_READER_USER;
+
 -- Insert a new record into the indexers table
 INSERT INTO public.indexers (service, schema, db_user, created_at)
 VALUES ('$SERVICE_NAME', '$NEW_SCHEMA_NAME', '$NEW_DB_USER', NOW());
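Review bot: `GRANT $NEW_DB_USER TO $DB_USER;` leaves the provisioning account a standing member of every indexer role this script creates, so (with the default role inheritance) it picks up each indexer's privileges and that set only grows. If the membership exists only so that the `ALTER DEFAULT PRIVILEGES FOR ROLE $NEW_DB_USER` statement below it is permitted, I would say that in the comment and drop the membership once the defaults are recorded, with `REVOKE $NEW_DB_USER FROM $DB_USER;` after the `GRANT SELECT ON TABLES` line. Schemas provisioned by the previous version of the script presumably still carry the `ALL PRIVILEGES` reader grants removed here; this hunk does not revoke them, so a one-off migration would be needed. The psql statement and its SQL body begin and end outside this hunk.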