Re: STOP all user access except for admin for a few minutes?
From | Tino Wildenhain |
---|---|
Subject | Re: STOP all user access except for admin for a few minutes? |
Date | |
Msg-id | 45B62BA1.1050001@wildenhain.de |
In response to | Re: STOP all user access except for admin for a few minutes? (<org@kewlstuff.co.za>) |
List | pgsql-hackers |

org@kewlstuff.co.za wrote:
> Thx Russel,
> I want to control it from software, changing network access via pg_hba
> with software doesn't feel right.
>
> ================ possible case================
> Say I have a Group called Normal_Rights and one called Zero_Rights.
>
> So dB runs as... Normal_Rights(User A, User B, User C, User D)
> Then via sql, superuser REVOKEs those user rights and GRANTs them
> Zero_Rights(User A, User B, User C, User D)... ie make users a member of
> the ZERO rights group.
>
> Then hopefully Postgres kicks them out gracefully?????
>
> Then software makes changes and switches them back to their Normal_Rights
> group.
>
> ================ or more general case================
> RECORD all the SQL for all user rights...
> REVOKE everything except needed software superusers (postgres, and
> program superuser).
> make changes via software.
> PLAY BACK all the rights SQL script.
>
> What do you think, will PG kill connections, let them go gracefully,
> stop after current transaction????
>
> ================ maybe I'm in the wrong tree================

Yes I'm thinking that too:

> Is it possible to make quick structural changes to postgres, with user
> activity?

of course.

> Maybe start a transaction that changes structure... wonder if that will
> stop or hold user activity???

Usually not - all your DDL is done in a transaction just like any
other access users would make. So it only fails (but as a whole) if
you want to modify locked tables and such. But you would not end up
w/ a partly changed database in any case. Just make sure you do
everything in a transaction. No need to suspend user accounts for that.

Regards
Tino
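
A sketch of the approach described in the reply above, added here as an illustration and not part of the original message: several structural changes grouped in one transaction so they apply together or not at all while users stay connected. The tables `customers` and `orders` and their columns are hypothetical, and `lock_timeout` assumes PostgreSQL 9.3 or later.

```sql
-- Added example; table and column names are hypothetical.
-- Run with psql's ON_ERROR_STOP so the script halts at the first failure.
\set ON_ERROR_STOP on

BEGIN;

-- Do not queue forever behind locks held by active users: if a lock
-- cannot be obtained in 5 seconds the statement errors out, and the
-- whole transaction is rolled back.
SET LOCAL lock_timeout = '5s';

-- DDL is transactional in PostgreSQL: none of these changes is visible
-- to other sessions until COMMIT.
ALTER TABLE customers ADD COLUMN region text;
ALTER TABLE orders    ADD COLUMN customer_region text;

-- Data migration in the same transaction as the structure change.
UPDATE orders o
   SET customer_region = c.region
  FROM customers c
 WHERE c.id = o.customer_id;

CREATE INDEX orders_customer_region_idx ON orders (customer_region);

-- Either every statement above takes effect here, or (after any error)
-- the database is left exactly as it was before BEGIN.
COMMIT;
```

ALTER TABLE holds an ACCESS EXCLUSIVE lock on each table until the transaction ends, so concurrent queries against those tables wait for the COMMIT; keeping the transaction short limits that stall.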