On Tue, 2012-02-28 at 20:53 +0100, Bartosz Dmytrak wrote:
> 2012/2/28 Guillaume Lelarge <guillaume@lelarge.info>
> On Tue, 2012-02-28 at 09:22 +0100, Bartosz Dmytrak wrote:
> > Hi,
> > I would like to see who is member of selected role,
> somewhere in group role
> > form. Hope this will help to administrate multiuser
> environments.
> >
> > This feature is covered by query:
> > SELECT p.rolname, m.rolname as member, g.rolname as grantor
> > FROM pg_authid p
> > INNER JOIN pg_auth_members am ON (p.oid = am.roleid)
> > INNER JOIN pg_authid m ON (am.member = m.oid)
> > INNER JOIN pg_authid g ON (am.grantor = g.oid)
> > WHERE p.rolname = 'MyRole'
> >
> > This query shows of course only direct members, feature
> could be extended
> > to indirect members too (and mark them as indirect).
> > Right now I use workaround with macro.
> >
>
>
> IOW, you want the opposite of the "Role membership" tab. Not
> sure if it
> really makes sense in pgAdmin.
>
> Yes indeed - that is my intention. In my opinion it makes sense,
> because right now You are not able to answer question who is member
> of role X quickly.
Yes, and my question is: do we want to answer this question? how does it
help the administrator to set up his users?
> My strategy is to group users into roles and then grant/revoke
> privileges to groups, and also pg_hba.conf file is organized based on
> groups not users because I have to manage 1000+ users from different
> organization units. Right now pgAdmin is rather bottom-up organized
> not top-down. By implementing this feature You will give users new
> point of view on privileges.
>
I understand, but we cannot put every way of visualizing a database in
pgAdmin. This tool also needs to be simple to use, and having different
ways to see the same thing doesn't make it simple.
--
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com
