Re: pg_cancel_backend by non-superuser

2011/12/6 Magnus Hagander <magnus@hagander.net>:
> On Sun, Oct 2, 2011 at 23:32, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Noah Misch <noah@leadboat.com> writes:
>>> On Sun, Oct 02, 2011 at 06:55:51AM -0400, Robert Haas wrote:
>>>> On Sat, Oct 1, 2011 at 10:11 PM, Euler Taveira de Oliveira
>>>> <euler@timbira.com> wrote:
>>>>> I see. What about passing this decision to DBA? I mean a GUC
>>>>> can_cancel_session = user, dbowner (default is '' -- only superuser). You
>>>>> can select one or both options. This GUC can only be changed by superuser.
>>
>>>> Or how about making it a grantable database-level privilege?
>>
>>> I think either is overkill.  You can implement any policy by interposing a
>>> SECURITY DEFINER wrapper around pg_cancel_backend().
>>
>> I'm with Noah on this.  If allowing same-user cancels is enough to solve
>> 95% or 99% of the real-world use cases, let's just do that.  There's no
>> very good reason to suppose that a GUC or some more ad-hoc privileges
>> will solve a large enough fraction of the rest of the cases to be worth
>> their maintenance effort.  In particular, I think both of the above
>> proposals assume way too much about the DBA's specific administrative
>> requirements.
>
> +1.
>
> Torello, are you up for updating your patch to do this, for now? If
> not, I'll be happy to create an updated patch that does just this, but
> since you got started on it...
>

Sorry for the long delay.

I will try to adjust the patch and submit for the next Commit Fest if
this is ok for you.


> --
>  Magnus Hagander
>  Me: http://www.hagander.net/
>  Work: http://www.redpill-linpro.com/
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers