From: | Wen Yi <wen-yi(at)qq(dot)com> |
---|---|
To: | Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru>, David G(dot) Johnston <david(dot)g(dot)johnston(at)gmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jim Nasby <jim(dot)nasby(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Things I don't like about \du's "Attributes" column |
Date: | 2024-04-14 02:02:00 |
Message-ID: | tencent_312C693C97E13AF5D542533AC8A83804B707@qq.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
I think we can change the output like this:
postgres=# \du
List of roles
Role name | Login | Attributes | Password | Valid until | Connection limit
-----------+-------+-------------+----------+-------------+------------------
test | | Inherit | | |
test2 | Can | Inherit | Has | |
wenyi | Can | Superuser +| | |
| | Create DB +| | |
| | Create role+| | |
| | Inherit +| | |
| | Replication+| | |
| | Bypass RLS | | |
(3 rows)
And I submit my the patch, have a look?
Yours,
Wen Yi
------------------ Original ------------------
From: "Pavel Luzanov" <p(dot)luzanov(at)postgrespro(dot)ru>;
Date: Sun, Feb 18, 2024 07:14 PM
To: "David G. Johnston"<david(dot)g(dot)johnston(at)gmail(dot)com>;
Cc: "Tom Lane"<tgl(at)sss(dot)pgh(dot)pa(dot)us>;"Jim Nasby"<jim(dot)nasby(at)gmail(dot)com>;"Robert Haas"<robertmhaas(at)gmail(dot)com>;"pgsql-hackers"<pgsql-hackers(at)lists(dot)postgresql(dot)org>;
Subject: Re: Things I don't like about \du's "Attributes" column
On 17.02.2024 00:37, David G. Johnston wrote:
On Mon, Feb 12, 2024 at 2:29 PM Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru> wrote:
regress_du_role1 | no| Inherit | no| 2024-12-31 00:00:00+03(invalid) | 50 | Group role without password but with valid untilregress_du_role2 | yes | Inherit | yes | | Not allowed| No connections allowedregress_du_role3 | yes | | yes | | 10 | User without attributesregress_du_su| yes | Superuser+| yes | | 3(ignored) | Superuser but with connection limit
Per the recent bug report, we should probably add something like (ignored) after the 50 connections for role1 since they are not allowed to login so the value is indeed ignored.
Hm, but the same logic applies to "Password?" and "Valid until" for role1 without login attribute. The challenge is how to display it for unprivileged users. But they can't see password information. So, displaying 'Valid until' as '(irrelevant)' for privileged users and real value for others looks badly.What can be done in this situation. 0. Show different values as described above. 1. Don't show 'Valid until' for unprivileged users at all. The same logic as for 'Password?'. With possible exception: user can see 'Valid until' for himself.May be too complicated?2. Tom's advise:
Not sure it's worth worrying about
Show real values for 'Valid until' and 'Connection limit' without any hints.3. The best solution, which I can't see now.
--Pavel Luzanov Postgres Professional: https://postgrespro.com
Attachment | Content-Type | Size |
---|---|---|
v6-0002-psql-Rethinking-of-du-command.patch | application/octet-stream | 1.4 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Dmitry Koterov | 2024-04-14 02:05:59 | Re: In MacOS, psql reacts on SIGINT in a strange fashion (Linux is fine) |
Previous Message | Imseih (AWS), Sami | 2024-04-14 01:56:09 | Re: allow changing autovacuum_max_workers without restarting |