Postgres permissions are vanilla. If you are familiar with Postgres permissions, use as needed. If you are not familiar with Postgres permissions, we encourage you to use the 'admin' user provided. This will ensure your database behaves as you expect.
When viewing your deployment use the "Security" tab and the "Whitelist TCP/HTTP IPs" functionality to restrict access to particular IP addresses. This works because each Compose's Postgres deployment run inside a private network. The portal to this network is via haproxy.
SSL is available by default. To connect using SSL, most drivers will expect a
sslmode=require setting. Check your driver documentation for specific information.
When deploying Postgres, it will launch with the latest 9.4 minor version.
If this article didn't solve things, summon a human and get some help!