On Tue, Mar 27, 2012 at 02:58:26PM +0200, Magnus Hagander wrote: > On Tue, Mar 27, 2012 at 11:04, Noah Misch <n...@leadboat.com> wrote: > > On Mon, Mar 26, 2012 at 07:53:25PM -0400, Robert Haas wrote: > >> I think the more important question is a policy question: do we want > >> it to work like this? ?It seems like a policy question that ought to > >> be left to the DBA, but we have no policy management framework for > >> DBAs to configure what they do or do not wish to allow. ?Still, if > >> we've decided it's OK to allow cancelling, I don't see any real reason > >> why this should be treated differently. > > > > The DBA can customize policy by revoking public execute permissions on > > pg_catalog.pg_terminate_backend and interposing a security definer function > > implementing his checks. ?For the population who will want something > > different > > here, that's adequate. > > Well, by that argument, we can keep pg_terminate_backend superuser > only and have the user wrap a security definer function around it to > *get* it, no?
Yes. However, if letting users terminate their own backends makes for a better default, we should still make it so. -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers