Re: Is it possible to stop sessions killing eachother when they all authorize as the same role?

> xof(at)thebuild(dot)com wrote:
>
>> bryn(at)yugabyte(dot)com wrote:
>>
>> What are you seeing that I'm failing to?
>
> It works correctly for me, on MacOS:
>
> create user r1;
> revoke execute on function pg_terminate_backend from r1;
>
> (reconnect as r1)
>
> select pg_terminate_backend(123);
>
> ERROR: permission denied for function pg_terminate_backend

Yes—this is what you all say. I suspect some-or-other setting that I’m unaware of. I tried (part of) Tom's test, thus:

\c postgres postgres
drop user if exists joe;
create user joe;
\c - joe

At first, the attempt to connect as "joe" failed for me because I had hardened my "postgres" database thus:

revoke all on database postgres from public;
alter database postgres connection limit = 0;

I say this only to emphasize that there are always things that are critical that are elided in a testcase that tries to be minimal.

So it seems that there's something critical about my env that I'm failing to tell you all. But what can it be?

I just recruited a colleague to try Tom's minimal test. He saw what I did. That "joe" *is* able to invoke "pg_terminate_backend()" even after revoking execute on it from public. So he's doing the same pilot error as me.