From: | Rafia Sabih <rafia(dot)pghackers(at)gmail(dot)com> |
---|---|
To: | Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jim Nasby <jim(dot)nasby(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: Things I don't like about \du's "Attributes" column |
Date: | 2024-07-11 12:07:27 |
Message-ID: | CA+FpmFeCLW_Z-3VXMmY5bHA2g-1j+fh-Ydjj9kAWUiLTM5D8DA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, 6 Jun 2024 at 23:10, Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru> wrote:
>
> On 06.06.2024 17:29, Robert Haas wrote:
>
> I think the first of these special interpretations is unnecessary and
> should be removed. It seems pretty clear what 0 means.
>
> Agree.
> There is an additional technical argument for removing this replacement.
> I don't like explicit cast to text of the "Connection limit" column.
> Without 'Not allowed' it is no longer required.
> Value -1 can be replaced by NULL with an implicit cast to integer.
>
> Next version with this change attached.
>
> Example output:
>
> \du+ regress_du*
> List of roles
> Role name | Login | Attributes | Valid until | Connection limit | Description
> ------------------+-------+-------------+------------------------------+------------------+------------------
> regress_du_admin | yes | Superuser +| | | some description
> | | Create DB +| | |
> | | Create role+| | |
> | | Inherit +| | |
> | | Replication+| | |
> | | Bypass RLS | | |
> regress_du_role0 | yes | Inherit | Tue Jun 04 00:00:00 2024 PDT | 0 |
> regress_du_role1 | no | Create role+| infinity | |
> | | Inherit | | |
> regress_du_role2 | yes | Inherit +| | 42 |
> | | Replication+| | |
> | | Bypass RLS | | |
> (4 rows)
>
> Current version for comparison:
This looks much better than the current version. Only thing is, I find
the column name Valid until confusing. With that name I am in danger
of taking it as the role's validity and not the passwords'.
How about naming it to something like Password validity...?
>
> List of roles
> Role name | Attributes | Description
> ------------------+------------------------------------------------------------+------------------
> regress_du_admin | Superuser, Create role, Create DB, Replication, Bypass RLS | some description
> regress_du_role0 | No connections +|
> | Password valid until 2024-06-04 00:00:00+03 |
> regress_du_role1 | Create role, Cannot login +|
> | Password valid until infinity |
> regress_du_role2 | Replication, Bypass RLS +|
> | 42 connections |
>
>
> Data:
> CREATE ROLE regress_du_role0 LOGIN PASSWORD '123' VALID UNTIL '2024-06-04' CONNECTION LIMIT 0;
> CREATE ROLE regress_du_role1 CREATEROLE CONNECTION LIMIT -1 VALID UNTIL 'infinity';
> CREATE ROLE regress_du_role2 LOGIN REPLICATION BYPASSRLS CONNECTION LIMIT 42;
> CREATE ROLE regress_du_admin LOGIN SUPERUSER CREATEROLE CREATEDB BYPASSRLS REPLICATION INHERIT;
> COMMENT ON ROLE regress_du_admin IS 'some description';
>
> --
> Pavel Luzanov
> Postgres Professional: https://postgrespro.com
--
Regards,
Rafia Sabih
From | Date | Subject | |
---|---|---|---|
Next Message | David Rowley | 2024-07-11 12:09:03 | Re: Optimize WindowAgg's use of tuplestores |
Previous Message | Andrew Dunstan | 2024-07-11 11:29:30 | Re: tests fail on windows with default git settings |