diff --git a/build/charts/theia/README.md b/build/charts/theia/README.md
index ca329c92..f198cefc 100644
--- a/build/charts/theia/README.md
+++ b/build/charts/theia/README.md
@@ -26,7 +26,7 @@ Kubernetes: `>= 1.16.0-0`
 | clickhouse.cluster.replicas | int | `1` | Number of ClickHouse replicas in each shard. |
 | clickhouse.cluster.shards | int | `1` | Number of ClickHouse shards in the cluster. |
 | clickhouse.cluster.zookeeperHosts | list | `[]` | To use a pre-installed ZooKeeper for ClickHouse data replication, please provide a list of your ZooKeeper hosts. To install a customized ZooKeeper, refer to <https://github.com/Altinity/clickhouse-operator/blob/master/docs/zookeeper_setup.md> |
-| clickhouse.connectionSecret | object | `{"password":"clickhouse_operator_password","username":"clickhouse_operator"}` | Credentials to connect to ClickHouse. They will be stored in a secret. |
+| clickhouse.connectionSecret | object | `{"password":"clickhouse_operator_password","readOnlyPassword":"readonly_password","readOnlyUsername":"readonly","username":"clickhouse_operator"}` | Credentials to connect to ClickHouse. They will be stored in a secret. |
 | clickhouse.image | object | `{"pullPolicy":"IfNotPresent","repository":"projects.registry.vmware.com/antrea/theia-clickhouse-server","tag":""}` | Container image used by ClickHouse. |
 | clickhouse.logger.count | int | `4` | The number of archived log files that ClickHouse stores. |
 | clickhouse.logger.level | string | `"information"` | Logging level. Acceptable values: trace, debug, information, warning, error. |
diff --git a/build/charts/theia/templates/clickhouse/clickhouseinstallation.yaml b/build/charts/theia/templates/clickhouse/clickhouseinstallation.yaml
index 1b52b04a..38781ea8 100644
--- a/build/charts/theia/templates/clickhouse/clickhouseinstallation.yaml
+++ b/build/charts/theia/templates/clickhouse/clickhouseinstallation.yaml
@@ -11,6 +11,11 @@ spec:
     users:
       {{ .Values.clickhouse.connectionSecret.username }}/k8s_secret_password: {{ .Release.Namespace }}/clickhouse-secret/password
       {{ .Values.clickhouse.connectionSecret.username }}/networks/ip: "::/0"
+      {{ .Values.clickhouse.connectionSecret.readOnlyUsername }}/k8s_secret_password: {{ .Release.Namespace }}/clickhouse-secret/readOnlyPassword
+      {{ .Values.clickhouse.connectionSecret.readOnlyUsername }}/profile: readonly
+      {{ .Values.clickhouse.connectionSecret.readOnlyUsername }}/networks/ip: "::/0"
+    profiles:
+      readonly/readonly: 1
     clusters:
       - name: "clickhouse"
         layout:
diff --git a/build/charts/theia/templates/clickhouse/secret.yaml b/build/charts/theia/templates/clickhouse/secret.yaml
index 6cdffba9..ba1ec108 100644
--- a/build/charts/theia/templates/clickhouse/secret.yaml
+++ b/build/charts/theia/templates/clickhouse/secret.yaml
@@ -7,3 +7,5 @@ type: Opaque
 stringData:
   username: {{ .Values.clickhouse.connectionSecret.username }}
   password: {{ .Values.clickhouse.connectionSecret.password }}
+  readOnlyUsername: {{ .Values.clickhouse.connectionSecret.readOnlyUsername }}
+  readOnlyPassword: {{ .Values.clickhouse.connectionSecret.readOnlyPassword }}
diff --git a/build/charts/theia/values.yaml b/build/charts/theia/values.yaml
index bc88df2f..279f1f83 100644
--- a/build/charts/theia/values.yaml
+++ b/build/charts/theia/values.yaml
@@ -35,8 +35,10 @@ clickhouse:
       tag: ""
   # -- Credentials to connect to ClickHouse. They will be stored in a secret.
   connectionSecret:
-    username : "clickhouse_operator"
+    username: "clickhouse_operator"
     password: "clickhouse_operator_password"
+    readOnlyUsername: "readonly"
+    readOnlyPassword: "readonly_password"
   service:
     # -- The type of Service exposing ClickHouse. It can be one of ClusterIP,
     # NodePort or LoadBalancer.
diff --git a/build/yamls/flow-visibility.yml b/build/yamls/flow-visibility.yml
index cc313e23..6e3ac8da 100644
--- a/build/yamls/flow-visibility.yml
+++ b/build/yamls/flow-visibility.yml
@@ -6633,6 +6633,8 @@ metadata:
   namespace: flow-visibility
 stringData:
   password: clickhouse_operator_password
+  readOnlyPassword: readonly_password
+  readOnlyUsername: readonly
   username: clickhouse_operator
 type: Opaque
 ---
@@ -7148,6 +7150,8 @@ spec:
         replicasCount: 1
         shardsCount: 1
       name: clickhouse
+    profiles:
+      readonly/readonly: 1
     settings:
       logger/count: 4
       logger/level: information
@@ -7155,6 +7159,9 @@ spec:
     users:
       clickhouse_operator/k8s_secret_password: flow-visibility/clickhouse-secret/password
       clickhouse_operator/networks/ip: ::/0
+      readonly/k8s_secret_password: flow-visibility/clickhouse-secret/readOnlyPassword
+      readonly/networks/ip: ::/0
+      readonly/profile: readonly
     zookeeper:
       nodes:
       - host: zookeeper.flow-visibility