Re: Cross-backend signals and administration (Was: Re: pg_terminate_backend for same-role)

On Mon, Mar 26, 2012 at 07:53:25PM -0400, Robert Haas wrote:
> I think the more important question is a policy question: do we want
> it to work like this?  It seems like a policy question that ought to
> be left to the DBA, but we have no policy management framework for
> DBAs to configure what they do or do not wish to allow.  Still, if
> we've decided it's OK to allow cancelling, I don't see any real reason
> why this should be treated differently.

The DBA can customize policy by revoking public execute permissions on
pg_catalog.pg_terminate_backend and interposing a security definer function
implementing his checks.  For the population who will want something different
here, that's adequate.