diff --git a/tasks/main.yml b/tasks/main.yml
index 4e3a2e1e3d755cd366e71b3fce2f2ec5c8c37dd9..36e0e037db6fec41260ef2a4af3b841de9cc384d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -456,47 +456,45 @@
 # --------------------------------------------------
 # Postgres Readonly user
 # --------------------------------------------------
-# - name: Postgres Read-only user
-#   tags:
-#     - "db_remote_ro_user"
-#   when: item.value.odoo_remote_db_access | default(false)
-#   block:
-#       - name: Allow readonly user connection to prod db (with userns_remap)
-#         when: docker_userns_remap
-#         ansible.builtin.blockinfile:
-#             path: "/var/lib/docker/{{ dockremap_subuid }}.{{ dockremap_subgid }}/volumes/{{ item.key }}_db/_data/pg_hba.conf"
-#             block: |
-#                 host {{ item.value.db }} {{ odoo_instances[item.value.prod_instance | default(item.key)].db_user }} 172.16.0.0/12 md5
-#                 host postgres {{ odoo_instances[item.value.prod_instance | default(item.key)].db_user }} 172.16.0.0/12 md5
-#                 host {{ item.value.db }} {{ item.value.odoo_db_rouser }} all md5
-
-#       - name: PROD Allow readonly user connection to prod db (no userns_remap)
-#         when: not docker_userns_remap
-#         ansible.builtin.blockinfile:
-#             path: /var/lib/docker/volumes/{{ item.key }}_db/_data/pg_hba.conf
-#             block: |
-#                 host {{ item.value.db }} {{ odoo_instances[item.value.prod_instance | default(item.key)].db_user }} 172.16.0.0/12 md5
-#                 host postgres {{ odoo_instances[item.value.prod_instance | default(item.key)].db_user }} 172.16.0.0/12 md5
-#                 host {{ item.value.db }} {{ item.value.odoo_db_rouser }} all md5
-
-#       - name: PROD Disable access all rights (with userns_remap)
-#         when: docker_userns_remap
-#         ansible.builtin.lineinfile:
-#             name: "/var/lib/docker/{{ dockremap_subuid }}.{{ dockremap_subgid }}/volumes/{{ item.key }}_db/_data/pg_hba.conf"
-#             regexp: "^host all all all md5"
-#             line: "#host all all all md5"
-
-#       - name: PROD Disable access all rights (no userns_remap)
-#         when: not docker_userns_remap
-#         ansible.builtin.lineinfile:
-#             name: /var/lib/docker/volumes/{{ item.key }}_db/_data/pg_hba.conf
-#             regexp: "^host all all all md5"
-#             line: "#host all all all md5"
-
-# TODO: add restart db container
-
+- name: "Allow readonly user connection to prod db"
+  tags:
+    - "db_remote_ro_user"
+  vars:
+    pg_hba_path: "/var/lib/docker{{ '/' + (dockremap_subuid | string) + '.' + (dockremap_subgid | string) if docker_userns_remap else '' }}/volumes/{{ odoo_instance.key }}_db/_data/pg_hba.conf"
+  ansible.builtin.blockinfile:
+    path: "{{ pg_hba_path }}"
+    block: |
+      host {{ odoo_instance.value.db }} {{ odoo_instances[odoo_instance.value.prod_instance | default(odoo_instance.key)].db_user }} 172.16.0.0/12 md5
+      host {{ odoo_instance.value.db }} {{ odoo_instances[odoo_instance.value.prod_instance | default(odoo_instance.key)].db_user }} 192.168.0.0/16 md5
+      host postgres {{ odoo_instances[odoo_instance.value.prod_instance | default(odoo_instance.key)].db_user }} 172.16.0.0/12 md5
+      host postgres {{ odoo_instances[odoo_instance.value.prod_instance | default(odoo_instance.key)].db_user }} 192.168.0.0/16 md5
+      host {{ odoo_instance.value.db }} {{ odoo_instance.value.odoo_db_rouser }} all md5
+  loop: "{{ odoo_instances | dict2items }}"
+  loop_control:
+    label: "{{ odoo_instance.key }}"
+  when: >
+    test_instance_is_prod
+    and test_instance_is_selected
+    and odoo_instance.value.odoo_remote_db_access | default(false)
 
+- name: "Disable access all rights to prod db"
+  tags:
+    - "db_remote_ro_user"
+  vars:
+    pg_hba_path: "/var/lib/docker{{ '/' + (dockremap_subuid | string) + '.' + (dockremap_subgid | string) if docker_userns_remap else '' }}/volumes/{{ odoo_instance.key }}_db/_data/pg_hba.conf"
+  ansible.builtin.lineinfile:
+    name: "{{ pg_hba_path }}"
+    regexp: "^host all all all md5"
+    line: "#host all all all md5"
+  loop: "{{ odoo_instances | dict2items }}"
+  loop_control:
+    label: "{{ odoo_instance.key }}"
+  when: >
+    test_instance_is_prod
+    and test_instance_is_selected
+    and odoo_instance.value.odoo_remote_db_access | default(false)
 
+# TODO: add restart db container
 
 # --------------------------------------------------
 # Remote imports section