diff --git a/ansible/files/postgresql_config/supautils.conf.j2 b/ansible/files/postgresql_config/supautils.conf.j2
index c503b01a5..00262b6ac 100644
--- a/ansible/files/postgresql_config/supautils.conf.j2
+++ b/ansible/files/postgresql_config/supautils.conf.j2
@@ -10,6 +10,6 @@ supautils.privileged_extensions = 'address_standardizer, address_standardizer_da
 supautils.extension_custom_scripts_path = '/etc/postgresql-custom/extension-custom-scripts'
 supautils.privileged_extensions_superuser = 'supabase_admin'
 supautils.privileged_role = 'postgres'
-supautils.privileged_role_allowed_configs = 'auto_explain.*, log_lock_waits, log_min_duration_statement, log_min_messages, log_parameter_max_length, log_replication_commands, log_statement, log_temp_files, pg_net.batch_size, pg_net.ttl, pg_stat_statements.*, pgaudit.log, pgaudit.log_catalog, pgaudit.log_client, pgaudit.log_level, pgaudit.log_relation, pgaudit.log_rows, pgaudit.log_statement, pgaudit.log_statement_once, pgaudit.role, pgrst.*, plan_filter.*, safeupdate.enabled, session_replication_role, track_io_timing, wal_compression'
+supautils.privileged_role_allowed_configs = 'auto_explain.*, log_lock_waits, log_min_duration_statement, log_min_messages, log_parameter_max_length, log_replication_commands, log_statement, log_temp_files, pg_net.batch_size, pg_net.ttl, pg_stat_statements.*, pgaudit.log, pgaudit.log_catalog, pgaudit.log_client, pgaudit.log_level, pgaudit.log_relation, pgaudit.log_rows, pgaudit.log_statement, pgaudit.log_statement_once, pgaudit.role, pgrst.*, plan_filter.*, safeupdate.enabled, session_replication_role, track_functions, track_io_timing, wal_compression'
 supautils.reserved_memberships = 'pg_read_server_files, pg_write_server_files, pg_execute_server_program, supabase_admin, supabase_auth_admin, supabase_storage_admin, supabase_read_only_user, supabase_realtime_admin, supabase_replication_admin, supabase_etl_admin, dashboard_user, pgbouncer, authenticator'
 supautils.reserved_roles = 'supabase_admin, supabase_auth_admin, supabase_storage_admin, supabase_read_only_user, supabase_realtime_admin, supabase_replication_admin, supabase_etl_admin, dashboard_user, pgbouncer, service_role*, authenticator*, authenticated*, anon*'
diff --git a/nix/tests/expected/enable_tracking.out b/nix/tests/expected/enable_tracking.out
new file mode 100644
index 000000000..58d2b7bcf
--- /dev/null
+++ b/nix/tests/expected/enable_tracking.out
@@ -0,0 +1,4 @@
+alter role postgres set track_functions = 'pl';
+alter role postgres set track_io_timing = on;
+alter role postgres reset track_functions;
+alter role postgres reset track_io_timing;
diff --git a/nix/tests/sql/enable_tracking.sql b/nix/tests/sql/enable_tracking.sql
new file mode 100644
index 000000000..58c4d2fb8
--- /dev/null
+++ b/nix/tests/sql/enable_tracking.sql
@@ -0,0 +1,5 @@
+alter role postgres set track_functions = 'pl';
+alter role postgres set track_io_timing = on;
+
+alter role postgres reset track_functions;
+alter role postgres reset track_io_timing;