A good security practice is to run Odoo using a dedicated user, with no special privileges on the system.
We need to create the system and database users for that:
$ sudo adduser --disabled-password --gecos "Odoo" odoo $ sudo su -c "createuser odoo" postgres $ createdb --owner=odoo odoo-prod
Here, odoo is the username and odoo-prod is the name of the database supporting our Odoo instance.
The odoo user was made the owner of the odoo-prod database. This means that it has create and drop privileges over that database, including the ability to drop the full database. If you are running a multitenant server, you should create an odoo-like specific system user for each tenant.