| From: | Dimitri Fontaine <dimitri(at)2ndQuadrant(dot)fr> |
|---|---|
| To: | Noah Misch <noah(at)leadboat(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Euler Taveira de Oliveira <euler(at)timbira(dot)com>, Daniel Farina <daniel(at)heroku(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_cancel_backend by non-superuser |
| Date: | 2011-10-02 17:38:40 |
| Message-ID: | m2d3efwaxr.fsf@2ndQuadrant.fr |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Noah Misch <noah(at)leadboat(dot)com> writes:
>> >> On Fri, Sep 30, 2011 at 9:30 PM, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> ?wrote:
>> >>> ISTM it would be reasonably non-controversial to allow users to issue
>> >>> pg_cancel_backend against other sessions logged in as the same userID.
>> >>> The question is whether to go further than that, and if so how much.
>> >>
>> >> In *every* case -- and there are many -- where we've had people
>> >> express pain, this would have sufficed.
>
> +1 for allowing that unconditionally.
+1
>> Or how about making it a grantable database-level privilege?
>
> I think either is overkill. You can implement any policy by interposing a
> SECURITY DEFINER wrapper around pg_cancel_backend().
I still like the idea of grant cancel and grant terminate. For another
patch.
Regards,
--
Dimitri Fontaine
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2011-10-02 19:05:31 | Re: Range Types - typo + NULL string constructor |
| Previous Message | Kohei KaiGai | 2011-10-02 17:16:33 | Re: [v9.2] Fix Leaky View Problem |