1

I have a requirement where I need to have two users as database owner. I have created a role of db owner and assigned the role to two users. Now either of the users are able to drop the database. What is missing here?

 mydb=> SELECT d.datname as "Name",
 mydb-> pg_catalog.pg_get_userbyid(d.datdba) as "Owner"
 mydb-> FROM pg_catalog.pg_database d;
   Name    |   Owner   
-----------+-----------
  mydb     |  mydb_role
(1 row)

 mydb=> \du
                                                                  List of roles
      Role name       |                         Attributes                         |                          Member of                          
----------------------+------------------------------------------------------------+-------------------------------------------------------------
  mydb_role           | Create DB, Cannot login                                    | {}
  mydb_user           |                                                            | { mydb_role}
  mydb_user_clone     |                                                            | { mydb_role}

ubuntu@ip-10-69-163-164:~$ psql -U  mydb_user_clone -d postgres
psql (13.4 (Ubuntu 13.4-4.pgdg20.04+1), server 13.3)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.

postgres=> DROP DATABASE  mydb WITH (FORCE);
ERROR:  must be a member of the role whose process is being terminated or member of pg_signal_backend
postgres=> 

The commands below were used to create the user and role:

CREATE ROLE mydb_role nologin;
ALTER DATABASE mydb OWNER TO mydb_role;
GRANT mydb_role TO mydb_user;
GRANT mydb_role TO mydb_user_clone;
4
  • It's not about the database ownership, but about the open connections to that database from other roles/users (btw: how did you manage to create the role mydb_role twice?) Commented Oct 20, 2021 at 7:08
  • It's the problem of db ownership, as the force option also throws the same error. ubuntu@ip-10-69-163-164:~$ dropdb --if-exists --force mydb dropdb: error: database removal failed: ERROR: must be a member of the role whose process is being terminated or member of pg_signal_backend. There are no two mydb_role. It was a problem of copy and paste. Commented Oct 20, 2021 at 22:04
  • The error clearly says it's about not being allowed to terminate open connections to the database. If there were no connections your user would be able to drop the database. Commented Oct 21, 2021 at 5:05
  • The error does not even reference open connections to the database. It references a "process" but it is not at all clear what process is being talked about. Commented Jul 28, 2022 at 0:12

1 Answer

1

Because you do not have enough permission to terminate a backend process.

Your db user must be a member of the pg_signal_backend role to terminate another database user's process, OR you have to use another user with the superuser privilege.


4 Comments

But I am not trying to terminate another user's process, which is db in this case. I own the db and I am trying to drop my own db.
In Postgres 13 and above, when you use WITH (FORCE), the database terminates all existing connections, and this command is executed as your connected user.
It's not the problem of active connections. It's the problem of being db owner. ubuntu@ip-10-69-163-164:~$ dropdb --if-exists --force mydb dropdb: error: database removal failed: ERROR: must be a member of the role whose process is being terminated or member of pg_signal_backend
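
The permission check behind this error, as an added example that is not part of the original thread: it lists the sessions connected to mydb and shows, per session, whether the current role is allowed to terminate it, then applies the grant the answer describes. The role and database names are the ones from the question; connecting through the postgres database and having a superuser available for the grant are assumptions.

```sql
-- Added example, not from the original thread.

-- Step 1: run as the role that will issue DROP DATABASE (mydb_user_clone in
-- the question), connected to a database other than mydb, e.g. postgres.
SELECT a.pid,
       a.usename  AS session_role,
       r.rolsuper AS session_is_superuser,
       -- 'USAGE' = the privileges of that role are available without SET ROLE
       pg_has_role(current_user, a.usesysid, 'USAGE')          AS has_privs_of_session_role,
       pg_has_role(current_user, 'pg_signal_backend', 'USAGE') AS has_pg_signal_backend
FROM pg_catalog.pg_stat_activity AS a
JOIN pg_catalog.pg_roles AS r ON r.oid = a.usesysid
WHERE a.datname = 'mydb'
  AND a.pid <> pg_backend_pid();

-- Reading the result:
--   * A row where both has_* columns are false is a session that
--     DROP DATABASE ... WITH (FORCE) is not permitted to terminate, which
--     produces the error in the question. Owning mydb through mydb_role does
--     not help: mydb_user_clone is a member of mydb_role, not of mydb_user.
--   * A row with session_is_superuser = true can only be terminated by a
--     superuser, whatever the other columns say.
--   * No rows: nothing has to be terminated and the owner can drop mydb.

-- Step 2 (assumption: executed by a superuser): allow the role to signal
-- other non-superuser backends.
GRANT pg_signal_backend TO mydb_user_clone;

-- Step 3: as mydb_user_clone again, connected to postgres.
DROP DATABASE mydb WITH (FORCE);

-- Step 4 (assumption: executed by a superuser): withdraw the grant once the
-- database is gone, if the role does not need it permanently.
REVOKE pg_signal_backend FROM mydb_user_clone;
```

Membership in pg_signal_backend is not scoped to one database: it lets the role cancel or terminate any non-superuser session on the cluster, which is why the example revokes it afterwards.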
