| From: | Daniel Farina <daniel(at)heroku(dot)com> |
|---|---|
| To: | Kääriäinen Anssi <anssi(dot)kaariainen(at)thl(dot)fi> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_cancel_backend by non-superuser |
| Date: | 2011-10-01 23:13:51 |
| Message-ID: | CAAZKuFap2ybVjh4XvBo1jJOPFRLeaK6VPUdSCGj61kron8qTDQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Oct 1, 2011 at 3:47 PM, Kääriäinen Anssi
<anssi(dot)kaariainen(at)thl(dot)fi> wrote:
> I would be a step in the right direction if the DB owner would see all queries
> to the DB in pg_stat_activity.
"All," including that of the superuser? I'd like to pass on that one, please.
In general, I feel there is this problem that one cannot hand over a
non-superuser but powerful role to someone else, and allowing them to
make new roles with strictly less power than what they were granted
(the opposite of role inheritance, whereby children have as much or
more power). Right now I get the feeling that I'd rather fix that
problem in the role system then overloading what it means to be a
database owner. If anything, to me being a database owner means the
ability to run ALTER DATABASE, and not much else.
--
fdr
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua Brindle | 2011-10-02 01:12:29 | Re: contrib/sepgsql regression tests are a no-go |
| Previous Message | Bruce Momjian | 2011-10-01 22:54:37 | Re: Bug with pg_ctl -w/wait and config-only directories |