Re: pg_cancel_backend by non-superuser

On Sun, Oct 2, 2011 at 23:32, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Noah Misch <noah(at)leadboat(dot)com> writes:
>> On Sun, Oct 02, 2011 at 06:55:51AM -0400, Robert Haas wrote:
>>> On Sat, Oct 1, 2011 at 10:11 PM, Euler Taveira de Oliveira
>>> <euler(at)timbira(dot)com> wrote:
>>>> I see. What about passing this decision to DBA? I mean a GUC
>>>> can_cancel_session = user, dbowner (default is '' -- only superuser). You
>>>> can select one or both options. This GUC can only be changed by superuser.
>
>>> Or how about making it a grantable database-level privilege?
>
>> I think either is overkill.  You can implement any policy by interposing a
>> SECURITY DEFINER wrapper around pg_cancel_backend().
>
> I'm with Noah on this.  If allowing same-user cancels is enough to solve
> 95% or 99% of the real-world use cases, let's just do that.  There's no
> very good reason to suppose that a GUC or some more ad-hoc privileges
> will solve a large enough fraction of the rest of the cases to be worth
> their maintenance effort.  In particular, I think both of the above
> proposals assume way too much about the DBA's specific administrative
> requirements.

+1.

Torello, are you up for updating your patch to do this, for now? If
not, I'll be happy to create an updated patch that does just this, but
since you got started on it...

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/