Re: pg_cancel_backend by non-superuser

From: Torello Querci <tquerci(at)gmail(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Euler Taveira de Oliveira <euler(at)timbira(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, Daniel Farina <daniel(at)heroku(dot)com>
Subject: Re: pg_cancel_backend by non-superuser
Date: 2011-10-02 10:58:12
Message-ID: CA+igE6Sz1xR9Dbq7MJuaxNipMxamzhD60FWQUTj9HgBGx3iDvA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

I like this idea

+1
Il giorno 02/ott/2011 12:56, "Robert Haas" <robertmhaas(at)gmail(dot)com> ha
scritto:
> On Sat, Oct 1, 2011 at 10:11 PM, Euler Taveira de Oliveira
> <euler(at)timbira(dot)com> wrote:
>> On 01-10-2011 17:44, Daniel Farina wrote:
>>>
>>> On Fri, Sep 30, 2011 at 9:30 PM, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>>>
>>>> ISTM it would be reasonably non-controversial to allow users to issue
>>>> pg_cancel_backend against other sessions logged in as the same userID.
>>>> The question is whether to go further than that, and if so how much.
>>>
>>> In *every* case -- and there are many -- where we've had people
>>> express pain, this would have sufficed.
>>>
>> I see. What about passing this decision to DBA? I mean a GUC
>> can_cancel_session = user, dbowner (default is '' -- only superuser). You
>> can select one or both options. This GUC can only be changed by
superuser.
>
> Or how about making it a grantable database-level privilege?
>
> --
> Robert Haas
> EnterpriseDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2011-10-02 11:10:11 Re: [REVIEW] pg_last_xact_insert_timestamp
Previous Message Robert Haas 2011-10-02 10:55:51 Re: pg_cancel_backend by non-superuser