Re: Is it possible to stop sessions killing eachother when they all authorize as the same role?
| От | Bryn Llewellyn |
|---|---|
| Тема | Re: Is it possible to stop sessions killing eachother when they all authorize as the same role? |
| Дата | |
| Msg-id | 1BAB354D-E563-4091-A5BE-0F2050919883@yugabyte.com обсуждение исходный текст |
| Ответ на | Re: Is it possible to stop sessions killing eachother when they all authorize as the same role? (Christophe Pettus <xof@thebuild.com>) |
| Ответы |
Re: Is it possible to stop sessions killing eachother when they all authorize as the same role?
|
| Список | pgsql-general |
xof@thebuild.com wrote:bryn@yugabyte.com wrote:
What are you seeing that I'm failing to?
It works correctly for me, on MacOS:
create user r1;
revoke execute on function pg_terminate_backend from r1;
(reconnect as r1)select pg_terminate_backend(123);ERROR: permission denied for function pg_terminate_backend
\c postgres postgres
drop user if exists joe;
create user joe;
\c - joe
drop user if exists joe;
create user joe;
\c - joe
At first, the attempt to connect as "joe" failed for me because I had hardened my "postgres" database thus:
revoke all on database postgres from public;
alter database postgres connection limit = 0;
alter database postgres connection limit = 0;
I say this only to emphasize that there are always things that are critical that are elided in a testcase that tries to be minimal.
So it seems that there's something critical about my env that I'm failing to tell you all. But what can it be?
I just recruited a colleague to try Tom's minimal test. He saw what I did. That "joe" *is* able to invoke "pg_terminate_backend()" even after revoking execute on it from public. So he's doing the same pilot error as me.
В списке pgsql-general по дате отправления: