On Tue, Mar 27, 2012 at 11:04, Noah Misch <n...@leadboat.com> wrote:
> On Mon, Mar 26, 2012 at 07:53:25PM -0400, Robert Haas wrote:
>> I think the more important question is a policy question: do we want
>> it to work like this?  It seems like a policy question that ought to
>> be left to the DBA, but we have no policy management framework for
>> DBAs to configure what they do or do not wish to allow.  Still, if
>> we've decided it's OK to allow cancelling, I don't see any real reason
>> why this should be treated differently.
> The DBA can customize policy by revoking public execute permissions on
> pg_catalog.pg_terminate_backend and interposing a security definer function
> implementing his checks.  For the population who will want something different
> here, that's adequate.

Well, by that argument, we can keep pg_terminate_backend superuser
only and have the user wrap a security definer function around it to
*get* it, no?

 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to