From: | "Prabakaran, Vaishnavi" <vaishnavip(at)fast(dot)au(dot)fujitsu(dot)com> |
---|---|
To: | <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Proposal/design feedback needed: "Providing catalog view to pg_hba.conf file" |
Date: | 2014-02-28 01:39:49 |
Message-ID: | F40B0968DB0A904DA78A924E633BE7863C2640@SYDEXCHTMP2.au.fjanz.com |
Lists: | pgsql-hackers |
Hi All,

I would like to propose an implementation of creating a new catalog view
for pg_hba.conf file contents. The aim of this proposal is to present a new
view "pg_settings_hba" to the database administrator, for viewing
pg_hba.conf file contents.

Currently, to view the pg_hba.conf file contents, the DB admin has to access
the file from the database server to read the settings. In case of huge and
multiple hba files, finding the appropriate hba rules which are loaded
will be difficult and take some time.

The advantage of having this "pg_settings_hba" view is that the admin can
check what hba rules are loaded at runtime via the database connection
itself. Thereby it will be easy and useful for the admin to check all
the users with their privileges in a single view to manage them.

Since exposing this view to everyone poses a security problem, access to
this view will be limited to the super user.

As a first step, I am proposing only the SELECT option for this new view.
Later, based on your feedback, I would like to add UPDATE/DELETE
options also to this view.

Here is the brief design of the proposal:

1. Create a new view "pg_settings_hba" in system_views.sql.
Structure of new view:

Column | Type |
---|---|
connection_type | text |
databases | text[] |
roles | text[] |
socket_Address | text |
socket_Mask | text |
compare_Method | text |
hostName | text |
authMethod | text |
linenumber | integer |

2. Grant select permission of this view to the super user.
3. Add a new function in guc.c (and in hba.c, to load data from
parsed hba lines) to create the tuple descriptor. The CREATE VIEW command in
system_views.sql will make use of this new function, in guc.c, to build
the view.

Input for this view is taken from "parsed hba lines" and not from files
directly.

Any comments or feedback on this proposal?

Thanks & Regards,
Vaishnavi
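
An added illustration, not part of the original message and not PostgreSQL code: a small Python sketch of the rows such a view could return, using the column names from the proposal. The sample file is constructed, `parse_hba` and the `compare_Method` values ("mask", "all", "samehost", "samenet") are assumptions, and quoted tokens, include files and auth options are not handled.

```python
import ipaddress

# Constructed sample pg_hba.conf contents (not from the original message).
SAMPLE_HBA = """\
# TYPE  DATABASE    USER     ADDRESS                       METHOD
local   all         postgres                               peer
host    app,report  app_rw   10.0.0.0/24                   md5
host    all         all      192.168.1.10 255.255.255.255  trust
hostssl all         +admins  db.example.com                cert
host    replication repl     samenet                       md5
"""

# Column names exactly as listed in the proposal.
COLUMNS = ("connection_type", "databases", "roles", "socket_Address",
           "socket_Mask", "compare_Method", "hostName", "authMethod",
           "linenumber")


def parse_hba(text):
    """Return one dict per rule, keyed by the proposed view's columns."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        tok = line.split("#", 1)[0].split()  # assumption: no quoted tokens
        if not tok:
            continue  # blank or comment-only line
        if len(tok) < 4:
            raise ValueError(f"line {lineno}: too few fields")
        row = dict.fromkeys(COLUMNS)
        row.update(connection_type=tok[0], databases=tok[1].split(","),
                   roles=tok[2].split(","), linenumber=lineno)
        rest = tok[3:]
        if tok[0] != "local":  # host* records carry an address field
            addr = rest.pop(0)
            if addr in ("all", "samehost", "samenet"):
                row["compare_Method"] = addr
            else:
                try:
                    iface = ipaddress.ip_interface(addr)
                except ValueError:
                    row["hostName"] = addr  # not an IP literal: host name
                else:
                    # CIDR carries its own mask; otherwise it is the next field.
                    mask = (str(iface.netmask) if "/" in addr
                            else (rest.pop(0) if rest else None))
                    row.update(socket_Address=str(iface.ip),
                               socket_Mask=mask, compare_Method="mask")
        if not rest:
            raise ValueError(f"line {lineno}: missing auth method")
        row["authMethod"] = rest[0]
        rows.append(row)
    return rows


if __name__ == "__main__":
    for r in parse_hba(SAMPLE_HBA):
        print(r)
```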