Re: Things I don't like about \du's "Attributes" column - Mailing list pgsql-hackers

From Pavel Luzanov
Subject Re: Things I don't like about \du's "Attributes" column
Date
Msg-id bb439036-95ad-416b-88e5-e0d7bef525bf@postgrespro.ru
Whole thread Raw
In response to Re: Things I don't like about \du's "Attributes" column  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
On 23.07.2024 15:53, Robert Haas wrote:
On Mon, Jul 22, 2024 at 5:19 PM Pavel Luzanov <p.luzanov@postgrespro.ru> wrote:
Visible but inaccessible objects in system catalogs increase the volume
of command output unnecessarily. Why do I need to know the list of all
schemas in the database if I only have access to the public schema?
The same applies to inaccessible tables, views, functions, etc.

Not for safety, but for convenience, it might be worth having a set of views
that show only those rows of the system catalog (with *acl column) that
the user has access to. Either as the object owner, or through the privileges.
Directly or indirectly through role membership.
So, I wasn't actually aware that anyone had a big problem in this
area. I thought that most of the junk you might see in \d<whatever>
output would be hidden either because the objects you don't care about
are not in your search_path or because they are system objects. I
agree that doesn't help with schemas, but most people don't have a
huge number of schemas, and even if you do, you don't necessarily need
to look at the list all that frequently.
Maybe.
But it would be better not to see unnecessary objects in the system catalogs.
Especially for GUI tools.

Back to the subject.

So, personally, if I were going to work on a redesign in this area, I
would look into making \du <username> work like \d <tablename>. That
is, it would tell you every single thing there is to know about a
user. Role attributes. Roles in which this role has membership. Roles
that are a member of this row. Objects of all sorts this object owns.
Permissions this role has on objects of all sorts. Role settings. All
of it in SQL-ish format like we do with the footer when you run \d.
Then I would make \du work like \d: a minimal amount of basic
information about every role in the list, like whether it's a
superuser and whether they can log in.
Yes, I still like this idea.
A little later I will try to make a patch in this direction.

-- 
Pavel Luzanov
Postgres Professional: https://postgrespro.com

pgsql-hackers by date:

Previous
From: Tatsuo Ishii
Date:
Subject: Re: Protocol question regarding Portal vs Cursor
Next
From: Ayush Vatsa
Date:
Subject: Help Needed with Including External SQL Script in Extension Script