On Wed, Nov 7, 2018 at 11:19 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > Like what?
>
> alter user postgres connection limit 0;
>
> ... oops ...
Sure. If you have no other superusers that's going to be sad.
Hopefully single-user mode lets you recover, though. And, anyway,
there are plenty of ways for a superuser to break a cluster far worse
than that.
> I'm not buying the argument that there are realistic use-cases where
> you need a connection limit on a superuser role, either. Whatever
> you're doing that might merit a connection limit should not be done
> as superuser. I think this proposal boils down to asking for support
> for an incredibly bad application design, and equipping every database
> with an additional foot-gun in order to have that.
I don't agree; that sounds like masterminding to me. "You shouldn't
want that feature, so we won't give it to you" is not always an
invalid argument, but we ought to tread lightly with it.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
