Thread: feature request - show role members

On Tue, 2012-02-28 at 09:22 +0100, Bartosz Dmytrak wrote:
> Hi,
> I would like to see who is member of selected role, somewhere in group role
> form. Hope this will help to administrate multiuser environments.
> 
> This feature is covered by query:
> SELECT p.rolname, m.rolname as member, g.rolname as grantor
> FROM pg_authid p
>  INNER JOIN pg_auth_members am ON (p.oid = am.roleid)
> INNER JOIN pg_authid m ON (am.member = m.oid)
>  INNER JOIN pg_authid g ON (am.grantor = g.oid)
> WHERE p.rolname = 'MyRole'
> 
> This query shows of course only direct members, feature could be extended
> to indirect members too (and mark them as indirect).
> Right now I use workaround with macro.
> 

IOW, you want the opposite of the "Role membership" tab. Not sure if it
really makes sense in pgAdmin.


-- 
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com

On Tue, 2012-02-28 at 20:53 +0100, Bartosz Dmytrak wrote:
> 2012/2/28 Guillaume Lelarge <guillaume@lelarge.info>
>         On Tue, 2012-02-28 at 09:22 +0100, Bartosz Dmytrak wrote:
>         > Hi,
>         > I would like to see who is member of selected role,
>         somewhere in group role
>         > form. Hope this will help to administrate multiuser
>         environments.
>         >
>         > This feature is covered by query:
>         > SELECT p.rolname, m.rolname as member, g.rolname as grantor
>         > FROM pg_authid p
>         >  INNER JOIN pg_auth_members am ON (p.oid = am.roleid)
>         > INNER JOIN pg_authid m ON (am.member = m.oid)
>         >  INNER JOIN pg_authid g ON (am.grantor = g.oid)
>         > WHERE p.rolname = 'MyRole'
>         >
>         > This query shows of course only direct members, feature
>         could be extended
>         > to indirect members too (and mark them as indirect).
>         > Right now I use workaround with macro.
>         >
>         
>         
>         IOW, you want the opposite of the "Role membership" tab. Not
>         sure if it
>         really makes sense in pgAdmin.

> 
> Yes indeed - that is my intention. In my opinion it makes sense,
> because right now You are not able to answer question  who is member
> of role X quickly.

Yes, and my question is: do we want to answer this question? how does it
help the administrator to set up his users?

>  My strategy is to group users into roles and then grant/revoke
> privileges to groups, and also pg_hba.conf file is organized based on
> groups not users because I have to manage 1000+ users from different
> organization units. Right now pgAdmin is rather bottom-up organized
> not top-down. By implementing this feature You will give users new
> point of view on privileges.
> 

I understand, but we cannot put every way of visualizing a database in
pgAdmin. This tool also needs to be simple to use, and having different
ways to see the same thing doesn't make it simple.


-- 
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com

On Thu, 2012-03-01 at 08:06 -0600, Mike Blackwell wrote:
> 
> On Wed, Feb 29, 2012 at 16:42, Guillaume Lelarge
> <guillaume@lelarge.info> wrote:
>         
>         I understand, but we cannot put every way of visualizing a
>         database in
>         pgAdmin. This tool also needs to be simple to use, and having
>         different
>         ways to see the same thing doesn't make it simple.
>         
> 
> 
> True, but sometimes multiple views can be appropriate.  I also spend
> more time managing groups and group membership than individual users,
> and have often wished to be able to modify group membership from the
> group view, rather than going to each user to be changed.
> 

On second thoughts, it may be interesting to have that.

If you can send a patch, I would be able to review it.


-- 
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com