On Mon, Mar 26, 2012 at 07:53:25PM -0400, Robert Haas wrote: > I think the more important question is a policy question: do we want > it to work like this? It seems like a policy question that ought to > be left to the DBA, but we have no policy management framework for > DBAs to configure what they do or do not wish to allow. Still, if > we've decided it's OK to allow cancelling, I don't see any real reason > why this should be treated differently.
The DBA can customize policy by revoking public execute permissions on pg_catalog.pg_terminate_backend and interposing a security definer function implementing his checks. For the population who will want something different here, that's adequate. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers