diff --git a/tencentcloud/services/postgresql/resource_tc_postgresql_readonly_instance.go b/tencentcloud/services/postgresql/resource_tc_postgresql_readonly_instance.go
index ea7197d8c2..146e441a63 100644
--- a/tencentcloud/services/postgresql/resource_tc_postgresql_readonly_instance.go
+++ b/tencentcloud/services/postgresql/resource_tc_postgresql_readonly_instance.go
@@ -371,16 +371,23 @@ func resourceTencentCloudPostgresqlReadOnlyInstanceRead(d *schema.ResourceData,
 	_ = d.Set("subnet_id", instance.SubnetId)
 	_ = d.Set("name", instance.DBInstanceName)
 	_ = d.Set("need_support_ipv6", instance.SupportIpv6)
-	// set readonly group when DescribeReadOnlyGroups ready for filter by the readonly group id
-	// _ = d.Set("read_only_group_id", readonlyGroup.Id)
+	// read only group
+	masterDBInstanceId := instance.MasterDBInstanceId
+	readOnlyGroupId, err := postgresqlService.DescribeReadOnlyGroupsById(ctx, *masterDBInstanceId, d.Id())
+	if err != nil {
+		return err
+	}
+
+	if readOnlyGroupId != nil {
+		_ = d.Set("read_only_group_id", readOnlyGroupId)
+	}
 
 	// security groups
-	// Only redis service support modify Generic DB instance security groups
-	redisService := svccrs.NewRedisService(meta.(tccommon.ProviderMeta).GetAPIV3Conn())
-	sg, err := redisService.DescribeDBSecurityGroups(ctx, "postgres", d.Id())
+	sg, err := postgresqlService.DescribeDBInstanceSecurityGroupsById(ctx, d.Id())
 	if err != nil {
 		return err
 	}
+
 	if len(sg) > 0 {
 		_ = d.Set("security_groups_ids", sg)
 	}
diff --git a/tencentcloud/services/postgresql/service_tencentcloud_postgresql.go b/tencentcloud/services/postgresql/service_tencentcloud_postgresql.go
index ebad3c7774..c0adcbc20f 100644
--- a/tencentcloud/services/postgresql/service_tencentcloud_postgresql.go
+++ b/tencentcloud/services/postgresql/service_tencentcloud_postgresql.go
@@ -491,6 +491,52 @@ func (me *PostgresqlService) DescribeDBInstanceSecurityGroupsByGroupId(ctx conte
 	return
 }
 
+func (me *PostgresqlService) DescribeReadOnlyGroupsById(ctx context.Context, masterDBInstanceId string, instanceId string) (readOnlyGroupId *string, errRet error) {
+	logId := tccommon.GetLogId(ctx)
+	request := postgresql.NewDescribeReadOnlyGroupsRequest()
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail,reason[%s]", logId, request.GetAction(), errRet.Error())
+		}
+	}()
+
+	request.Filters = []*postgresql.Filter{
+		{
+			Name: helper.String("db-master-instance-id"),
+			Values: []*string{
+				helper.String(masterDBInstanceId),
+			},
+		},
+	}
+
+	response, err := me.client.UsePostgresqlClient().DescribeReadOnlyGroups(request)
+	if err != nil {
+		errRet = err
+		return
+	}
+
+	if response == nil || response.Response == nil {
+		errRet = fmt.Errorf("TencentCloud SDK return nil response, %s", request.GetAction())
+		return
+	}
+
+	roGroupList := response.Response.ReadOnlyGroupList
+	if len(roGroupList) > 0 {
+		for _, roGroup := range roGroupList {
+			roDBInstanceList := roGroup.ReadOnlyDBInstanceList
+			for _, roDBInstance := range roDBInstanceList {
+				roDBInstanceId := *roDBInstance.DBInstanceId
+				if roDBInstanceId == instanceId {
+					readOnlyGroupId = roGroup.ReadOnlyGroupId
+					return
+				}
+			}
+		}
+	}
+
+	return
+}
+
 func (me *PostgresqlService) DescribeDBInstanceSecurityGroupsById(ctx context.Context, instanceId string) (sg []string, errRet error) {
 	logId := tccommon.GetLogId(ctx)
 	request := postgresql.NewDescribeDBInstanceSecurityGroupsRequest()