On Tue, Mar 27, 2012 at 11:04, Noah Misch <noah@leadboat.com> wrote:
> On Mon, Mar 26, 2012 at 07:53:25PM -0400, Robert Haas wrote:
>> I think the more important question is a policy question: do we want
>> it to work like this? It seems like a policy question that ought to
>> be left to the DBA, but we have no policy management framework for
>> DBAs to configure what they do or do not wish to allow. Still, if
>> we've decided it's OK to allow cancelling, I don't see any real reason
>> why this should be treated differently.
>
> The DBA can customize policy by revoking public execute permissions on
> pg_catalog.pg_terminate_backend and interposing a security definer function
> implementing his checks. For the population who will want something different
> here, that's adequate.
Well, by that argument, we can keep pg_terminate_backend superuser
only and have the user wrap a security definer function around it to
*get* it, no?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
