2013/7/29 Stephen Frost <sfr...@snowman.net>: > Szymon, > > * Szymon Guz (mabew...@gmail.com) wrote: >> On 29 July 2013 11:25, Pavel Stehule <pavel.steh...@gmail.com> wrote: >> > In 9.3 super user can cancel all queries or user can cancel own sessions. >> > >> > Is possible enhance this possibility to database owners? So owner can >> > cancel or can terminate sessions related to owned databases? > > Interesting idea but I'm not sure that database ownership is really how > we want to drive this. I can certainly see cases where I'd like user > 'X' to be able to cancel queries but where that user isn't the database > owner. Reducing the set of things that only a superuser can do is > certainly a worthwhile goal though.
there are two ideas: 1. some user (not super user) can terminate queries other users (not only own queries) 2. the limits are based on owning. Probably there is agreement on @1. I think so @2 is simple and natural - like "owner is small superuser", and it doesn't need any new objects. Second possibility is new kind of rights - possibility to terminate some other users. Possibility to terminate can be based on ownership or specific rights. We can support both. For me is mainly important @1. Design or implementation is not important - we would to decrease a usage of super user and we would to use more application users and only a few management users. > >> But this means that a db owner could cancel superuser's super important >> database query. Maybe let's make a default that the owner can cancel all >> queries except for superuser's ones. And additionaly a special right that >> superuser can grant it to the db owner, so the owner can cancel even >> superuser's queries? > > I'm not sure that I buy this argument either, particularly as > "superuser-ness status" can change due to a simple 'set role' and you'd > always have a race condition where the sending process might not realize > that the receiving process suddenly became a superuser process. This > strikes me as an option we might attach to a role (ala create-user) > rather than drive it by database ownership and forget the whole thing > about trying to block it for superuser processes- either you can > terminate backends that aren't yours, or you can't. > yes, it is valid option - when I thinking about security - it can be nice possibility to REVOKE right kill own tasks to some selected users. Regards Pavel > Thanks, > > Stephen -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
