Postgres Pro
Downloads
Home   >   mailing lists

Re: Things I don't like about \du's "Attributes" column - Mailing list pgsql-hackers

From Wen Yi
Subject Re: Things I don't like about \du's "Attributes" column
Date
Msg-id tencent_312C693C97E13AF5D542533AC8A83804B707@qq.com
Whole thread Raw
In response to Re: Things I don't like about \du's "Attributes" column  (Pavel Luzanov <p.luzanov@postgrespro.ru>)
Responses Re: Things I don't like about \du's "Attributes" column
Re: Things I don't like about \du's "Attributes" column
List pgsql-hackers
Tree view 
I think we can change the output like this:

postgres=# \du
                                List of roles
 Role name | Login | Attributes  | Password | Valid until | Connection limit 
-----------+-------+-------------+----------+-------------+------------------
 test      |       | Inherit     |          |             | 
 test2     | Can   | Inherit     | Has      |             | 
 wenyi     | Can   | Superuser  +|          |             | 
           |       | Create DB  +|          |             | 
           |       | Create role+|          |             | 
           |       | Inherit    +|          |             | 
           |       | Replication+|          |             | 
           |       | Bypass RLS  |          |             | 
(3 rows)

And I submit my the patch, have a look?
Yours,
Wen Yi

------------------ Original ------------------
From:
    "Pavel Luzanov"
<p.luzanov@postgrespro.ru>;
Date: Sun, Feb 18, 2024 07:14 PM
To: "David G. Johnston"<david.g.johnston@gmail.com>;
Cc: "Tom Lane"<tgl@sss.pgh.pa.us>;"Jim Nasby"<jim.nasby@gmail.com>;"Robert
Haas"<robertmhaas@gmail.com>;"pgsql-hackers"<pgsql-hackers@lists.postgresql.org>;
Subject: Re: Things I don't like about \du's "Attributes" column



On 17.02.2024 00:37, David G. Johnston wrote:
 
 
 
On Mon, Feb 12, 2024 at 2:29 PM Pavel Luzanov <p.luzanov@postgrespro.ru> wrote:
 
 
     regress_du_role1 | no| Inherit | no| 2024-12-31 00:00:00+03(invalid) | 50 | Group role without password but with
validuntilregress_du_role2 | yes | Inherit | yes | | Not allowed| No connections allowedregress_du_role3 | yes | | yes
|| 10 | User without attributesregress_du_su| yes | Superuser+| yes | | 3(ignored) | Superuser but with connection
limit
 
   
 Per the recent bug report, we should probably add something like (ignored) after the 50 connections for role1 since
theyare not allowed to login so the value is indeed ignored. 
 
 
 
   Hm, but the same logic applies to "Password?" and "Valid until" for role1 without login attribute. The challenge is
howto display it for unprivileged users. But they can't see password information. So, displaying 'Valid until' as
'(irrelevant)'for privileged users and real value for others looks badly.What can be done in this situation. 0. Show
differentvalues as described above. 1. Don't show 'Valid until' for unprivileged users at all. The same logic as for
'Password?'.With possible exception: user can see 'Valid until' for himself.May be too complicated?2. Tom's advise:
 
  Not sure it's worth worrying about
  Show real values for 'Valid until' and 'Connection limit' without any hints.3. The best solution, which I can't see
now.
 --Pavel Luzanov Postgres Professional: https://postgrespro.com
Attachment

pgsql-hackers by date:

Previous
From: "Imseih (AWS), Sami"
Date:
Subject: Re: allow changing autovacuum_max_workers without restarting
Next
From: Dmitry Koterov
Date:
Subject: Re: In MacOS, psql reacts on SIGINT in a strange fashion (Linux is fine)