diff options
| author | Stephen Frost <sfrost@snowman.net> | 2016-04-08 16:56:27 -0400 |
|---|---|---|
| committer | Stephen Frost <sfrost@snowman.net> | 2016-04-08 16:56:27 -0400 |
| commit | 7a542700df25eaf97b794bff63606176433dcdda (patch) | |
| tree | 961e8c45e93e113aa3194b14bc9a8896a4a86839 /src/backend/utils/adt/misc.c | |
| parent | 293007898d3fa5a815c1c5814df53627553f114d (diff) | |
| download | postgresql-7a542700df25eaf97b794bff63606176433dcdda.tar.gz postgresql-7a542700df25eaf97b794bff63606176433dcdda.zip | |
Create default roles
This creates an initial set of default roles which administrators may
use to grant access to, historically, superuser-only functions. Using
these roles instead of granting superuser access reduces the number of
superuser roles required for a system. Documention for each of the
default roles has been added to user-manag.sgml.
Bump catversion to 201604082, as we had a commit that bumped it to
201604081 and another that set it back to 201604071...
Reviews by José Luis Tallón and Robert Haas
Diffstat (limited to 'src/backend/utils/adt/misc.c')
| -rw-r--r-- | src/backend/utils/adt/misc.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/backend/utils/adt/misc.c b/src/backend/utils/adt/misc.c index ebc7bb388a7..a44fa38173a 100644 --- a/src/backend/utils/adt/misc.c +++ b/src/backend/utils/adt/misc.c @@ -21,6 +21,7 @@ #include <unistd.h> #include "access/sysattr.h" +#include "catalog/pg_authid.h" #include "catalog/catalog.h" #include "catalog/pg_tablespace.h" #include "catalog/pg_type.h" @@ -244,7 +245,8 @@ pg_signal_backend(int pid, int sig) return SIGNAL_BACKEND_NOSUPERUSER; /* Users can signal backends they have role membership in. */ - if (!has_privs_of_role(GetUserId(), proc->roleId)) + if (!has_privs_of_role(GetUserId(), proc->roleId) && + !has_privs_of_role(GetUserId(), DEFAULT_ROLE_SIGNAL_BACKENDID)) return SIGNAL_BACKEND_NOPERMISSION; /* @@ -290,7 +292,7 @@ pg_cancel_backend(PG_FUNCTION_ARGS) if (r == SIGNAL_BACKEND_NOPERMISSION) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - (errmsg("must be a member of the role whose query is being canceled")))); + (errmsg("must be a member of the role whose query is being canceled or member of pg_signal_backend")))); PG_RETURN_BOOL(r == SIGNAL_BACKEND_SUCCESS); } @@ -314,7 +316,7 @@ pg_terminate_backend(PG_FUNCTION_ARGS) if (r == SIGNAL_BACKEND_NOPERMISSION) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - (errmsg("must be a member of the role whose process is being terminated")))); + (errmsg("must be a member of the role whose process is being terminated or member of pg_signal_backend")))); PG_RETURN_BOOL(r == SIGNAL_BACKEND_SUCCESS); } |