Re: Questions of the privileges to use the pg_cancel_backend and pg_terminate_backend function. Thanks.

On 2012-04-04, leaf_yxj <leaf_yxj@163.com> wrote:
> Hi Aaron: thanks. I tried the security definer. it works well as follows :
>
> CREATE FUNCTION kill_process(integer) RETURNS boolean AS 'select
> pg_cancel_backend($1);' LANGUAGE SQL SECURITY DEFINER;
>
> ---- One more question about this function : if non-super user get the
> execute this function, he/her will have privilege to kill all the processes
> which belong to the postgresql process. How can we avoid that happing.

revoke execute on function kill_process(integer) from public;
grant execute on function kill_process(integer) to db_admin;

assuming db_admin is a role granted to all those who you want to have
access, you can instead grans execute to each individual (or some
combination of those two)

--
⚂⚃ 100% natural