Re: pg_cancel_backend by non-superuser

On Sun, Oct 02, 2011 at 06:55:51AM -0400, Robert Haas wrote:
> On Sat, Oct 1, 2011 at 10:11 PM, Euler Taveira de Oliveira
> <euler@timbira.com> wrote:
> > On 01-10-2011 17:44, Daniel Farina wrote:
> >> On Fri, Sep 30, 2011 at 9:30 PM, Tom Lane<tgl@sss.pgh.pa.us> ?wrote:
> >>> ISTM it would be reasonably non-controversial to allow users to issue
> >>> pg_cancel_backend against other sessions logged in as the same userID.
> >>> The question is whether to go further than that, and if so how much.
> >>
> >> In *every* case -- and there are many -- where we've had people
> >> express pain, this would have sufficed.

+1 for allowing that unconditionally.

> > I see. What about passing this decision to DBA? I mean a GUC
> > can_cancel_session = user, dbowner (default is '' -- only superuser). You
> > can select one or both options. This GUC can only be changed by superuser.
> 
> Or how about making it a grantable database-level privilege?

I think either is overkill.  You can implement any policy by interposing a
SECURITY DEFINER wrapper around pg_cancel_backend().

nm