xof@thebuild.com wrote:bryn@yugabyte.com wrote:
What are you seeing that I'm failing to?
It works correctly for me, on MacOS:
create user r1;
revoke execute on function pg_terminate_backend from r1;
(reconnect as r1)
select pg_terminate_backend(123);
ERROR: permission denied for function pg_terminate_backend
Yes—this is what you all say. I suspect some-or-other setting that I’m unaware of. I tried (part of) Tom's test, thus:
\c postgres postgres
drop user if exists joe;
create user joe;
\c - joe
At first, the attempt to connect as "joe" failed for me because I had hardened my "postgres" database thus:
revoke all on database postgres from public;
alter database postgres connection limit = 0;
I say this only to emphasize that there are always things that are critical that are elided in a testcase that tries to be minimal.
So it seems that there's something critical about my env that I'm failing to tell you all. But what can it be?
I just recruited a colleague to try Tom's minimal test. He saw what I did. That "joe" *is* able to invoke "pg_terminate_backend()" even after revoking execute on it from public. So he's doing the same pilot error as me.
