Proposal/design feedback needed: "Providing catalog view to pg_hba.conf file" - Mailing list pgsql-hackers

From Prabakaran, Vaishnavi
Subject Proposal/design feedback needed: "Providing catalog view to pg_hba.conf file"
Date
Msg-id F40B0968DB0A904DA78A924E633BE7863C2640@SYDEXCHTMP2.au.fjanz.com
List pgsql-hackers

Hi All,

 

I would like to propose an implementation that creates a new catalog view for pg_hba.conf file contents. The aim of this proposal is to present a new view “pg_settings_hba” to the database administrator, for viewing pg_hba.conf file contents.

Currently, to view the pg_hba.conf file contents, the DB admin has to access the file on the database server to read the settings. In the case of huge and multiple hba files, finding the appropriate hba rules which are loaded will be difficult and take some time.

The advantage of having this “pg_settings_hba” view is that the admin can check what hba rules are loaded at runtime via the database connection itself. Thereby, it will be easy and useful for the admin to check all the users with their privileges in a single view to manage them.

Since exposing this view to everyone poses a security problem, access to this view will be limited to the super user.

As a first step, I am proposing only the SELECT option for this new view. Later, based on your feedback, I would like to add UPDATE/DELETE options to this view as well.

Here is the brief design of the proposal:

1. Create a new view “pg_settings_hba” in system_views.sql.

Structure of new view:

    Column             Type
    ----------         ------
    connection_type    text
    databases          text[]
    roles              text[]
    socket_Address     text
    socket_Mask        text
    compare_Method     text
    hostName           text
    authMethod         text
    linenumber         integer

2. Grant select permission on this view to the super user.

3. Add a new function in guc.c (and in hba.c, to load data from parsed hba lines) to create the tuple descriptor. The CREATE VIEW command in system_views.sql will make use of this new function, in guc.c, to build the view.

Input for this view is taken from “parsed hba lines” and not from files directly.

 

Any comments or feedback on this proposal?

Thanks & Regards,

Vaishnavi
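
An added example, not part of the original message or of PostgreSQL's code: a small Python parser that turns pg_hba.conf text into rows with the columns proposed above, to show what the view's output could look like. The compare_Method values, the constructed sample file and the simplifications (no include files, continuation lines or auth options) are assumptions.

```python
import ipaddress
import shlex

# Column names follow the proposed view; compare_Method values are assumed.
def parse_hba(text):
    rows = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        tok = shlex.split(line, comments=True)  # strips '#' comments and quotes
        if not tok:
            continue
        if tok[0] not in ("local", "host", "hostssl", "hostnossl") or len(tok) < 4:
            raise ValueError(f"line {lineno}: invalid record")
        row = dict.fromkeys(("socket_Address", "socket_Mask", "compare_Method", "hostName"))
        row.update(connection_type=tok[0], databases=tok[1].split(","),
                   roles=tok[2].split(","), linenumber=lineno)
        rest = tok[3:]
        if tok[0] != "local":  # local (Unix socket) records have no address
            addr, rest = rest[0], rest[1:]
            if addr in ("all", "samehost", "samenet"):
                row["compare_Method"] = addr
            else:
                try:
                    net = ipaddress.ip_network(addr, strict=False)
                except ValueError:
                    row["hostName"] = addr  # not an IP literal: host name
                else:
                    row["compare_Method"] = "mask"
                    row["socket_Address"] = addr.partition("/")[0]
                    if "/" in addr:  # CIDR form carries its own mask
                        row["socket_Mask"] = str(net.netmask)
                    elif len(rest) >= 2:  # separate IP-mask column
                        row["socket_Mask"], rest = rest[0], rest[1:]
                    else:
                        raise ValueError(f"line {lineno}: missing netmask")
        if not rest:
            raise ValueError(f"line {lineno}: missing auth method")
        row["authMethod"] = rest[0]
        rows.append(row)
    return rows

# Constructed sample file, not taken from any real server.
SAMPLE = """\
# TYPE   DATABASE     USER       ADDRESS                        METHOD
local    all          postgres                                  peer
host     app,reports  alice,bob  10.0.0.0/8                     md5
hostssl  all          all        192.168.1.10  255.255.255.255  cert
host     replication  repl       samenet                        md5
host     all          all        db.example.com                 reject
"""
```

Calling `parse_hba(SAMPLE)` returns one dict per rule, with `linenumber` pointing back at the line in the file.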

 
