Proposal/design feedback needed: "Providing catalog view to pg_hba.conf file" - Mailing list pgsql-hackers
| From | Prabakaran, Vaishnavi |
|---|---|
| Subject | Proposal/design feedback needed: "Providing catalog view to pg_hba.conf file" |
| Date | |
| Msg-id | F40B0968DB0A904DA78A924E633BE7863C2640@SYDEXCHTMP2.au.fjanz.com Whole thread Raw |
| List | pgsql-hackers |
<div class="WordSection1"><p class="MsoNormal">Hi All,<p class="MsoNormal"> <p class="MsoNormal">I would like to proposean implementation of creating new catalog view for pg_hba.conf file contents. Aim of this proposal is to present anew view “pg_settings_hba” to database administrator, for viewing pg_hba.conf file contents. <p class="MsoNormal"> <p class="MsoNormal">Currently,to view the pg_hba.conf file contents, DB admin has to access the file from database server toread the settings. In case of huge and multiple hba files, finding the appropriate hba rules which are loaded will bedifficult and take some time. <p class="MsoNormal"> <p class="MsoNormal">Advantage of having this “pg_settings_hba” viewis that the admin can check what hba rules are loaded in runtime via database connection itself. And, thereby it willbe easy and useful for admin to check all the users with their privileges in a single view to manage them. <p class="MsoNormal"><spanstyle="color:#1F497D"> </span><p class="MsoNormal">Since exposing this view to everyone poses a securityproblem, access of this view will be limited to super user. <p class="MsoNormal">As a first step, am proposing onlythe SELECT option for this new view. Later, based on your feedbacks, I would like to add UPDATE/DELETE options alsoto this view. <span style="color:#1F497D"></span><p class="MsoNormal"><span style="color:#1F497D"> </span><p class="MsoNormal">Hereis the brief design of the proposal:<span style="color:#1F497D"></span><p class="MsoListParagraph"style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><span style="mso-list:Ignore">1.<span style="font:7.0pt"Times New Roman""> </span></span>Create a new view “pg_settings_hba” in system_views.sql.<p class="MsoListParagraph">Structureof new view:<p class="MsoListParagraph"> <p class="MsoListParagraph">Column Type<p class="MsoListParagraph">---------- ------<p class="MsoListParagraph">connection_type text<p class="MsoListParagraph">databases text[]<p class="MsoListParagraph">roles text[]<p class="MsoListParagraph">socket_Address text<p class="MsoListParagraph">socket_Mask text<p class="MsoListParagraph">compare_Method text<p class="MsoListParagraph">hostName text<p class="MsoListParagraph">authMethod text<pclass="MsoListParagraph">linenumber integer<p class="MsoListParagraph"> <p class="MsoListParagraph"style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><span style="mso-list:Ignore">2.<span style="font:7.0pt"Times New Roman""> </span></span>Grant select permission of this view to super user.<p class="MsoListParagraph"style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><span style="mso-list:Ignore">3.<span style="font:7.0pt"Times New Roman""> </span></span>Adding new function in guc.c (and in hba.c to load data from parsedhba lines) to create tuple descriptor . CREATE VIEW command in system_views.sql will make use of this new function,in guc.c, to build view.<p class="MsoNormal" style="margin-left:18.0pt"><span style="color:#1F497D"> </span><p class="MsoNormal">Inputfor this view is taken from “parsed hba lines” and not from files directly. <p class="MsoNormal"><spanstyle="color:#1F497D"> </span><p class="MsoNormal">Any comments or feedback on this proposal?<p class="MsoNormal"><spanstyle="mso-fareast-language:EN-AU"> </span><p class="MsoNormal"><span style="mso-fareast-language:EN-AU"> </span><pclass="MsoNormal"><span style="mso-fareast-language:EN-AU"> </span><p class="MsoNormal"><spanstyle="mso-fareast-language:EN-AU"> </span><p class="MsoNormal"><span style="mso-fareast-language:EN-AU">Thanks& Regards,</span><p class="MsoNormal"><span style="mso-fareast-language:EN-AU">Vaishnavi</span><pclass="MsoNormal"> </div>
pgsql-hackers by date: