On Thu, Feb 15, 2007 at 22:39:13 -0500, Lou Duchez <lou@xxxxxxxxxxxxx> wrote: > > 1) "grant select on database ..." or, hypothetically, "grant select on > cluster". The goal would be to create a read-only PostgreSQL user, one > who can read the contents of an entire database (or even the entire > cluster) but make no changes. Currently, to do my cron job, I have to > specify a "trusted" user, otherwise PostgreSQL will ask for a password; > it sure would be nice if I could neuter my "trusted" user so he cannot > do any damage. (Yes, I could set read-only privileges on a table-by-table > basis. Obviously, that's a pain.) You can use ident authentication instead of trust. That may make using the postgres db account for the cronjob's connection an acceptible risk.
