On Mon, Mar 30, 2026 at 6:44 AM Artur Zakirov <zaartur@gmail.com> wrote:
It seems we don't have ways to enforce this rule, and a user doesn't need to have advanced privileges to run PREPARE TRANSACTION. Correct me if I'm wrong. What if instead of adding a GUC we would add a new role, only this role (and superuser) will be able to run PREPARE TRANSACTION.
Well, it is certainly a better solution than a global timeout. But there are a ton of other ways that a user can mess things up. 2PC is very powerful, and very hard to get implement. It is disabled by default for good reason. Someone enabling it needs to have all their ducks in a row, and should have their own ways to monitor, and handle, errant transactions. So a strong -1 from me on the timeout, and a weak -1 on a GUC/permission solution (which could get hashed out more, perhaps).
