Re: RFC: roles

From: "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>
To: "Andreas Pflug" <pgadmin(at)pse-consulting(dot)de>, "pgadmin-hackers" <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: RFC: roles
Date: 2005-08-01 12:43:52
Message-ID: E7F85A1B5FF8D44C8A1AF6885BC9A0E4AC9683@ratbert.vale-housing.co.uk
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgadmin-hackers

Hi Andreas

> -----Original Message-----
> From: pgadmin-hackers-owner(at)postgresql(dot)org
> [mailto:pgadmin-hackers-owner(at)postgresql(dot)org] On Behalf Of
> Andreas Pflug
> Sent: 31 July 2005 13:40
> To: pgadmin-hackers
> Subject: [pgadmin-hackers] RFC: roles
>
> I had a look at roles, and was wondering about the best way
> to support them.
>
> Purely, it's not a problem at all: just expose pg_authid and
> pg_auth_members in dialogs/lists.
>
> OTOH, it might be quite confusing for 1st time users that
> there are only
> roles with some attributes, no users and groups. Should we have two
> modes for it: The reduced view with users and groups (where a
> group may
> be a group member too) and an enhanced view that allows all
> role features?
> Additionally, this has also some impact on the security properties,
> since a role that may login currently wouldn't be exposed as
> grantee by
> default.
>
> Thoughts?

I think I would be inclined just to have the full view of everything.
Roles effectively deprecate users and groups, so I don't think we should
try to fool the user into thinking they are still there. For convenience
though, perhaps we should notate which roles have login somehow -
perhaps a trailing asterisk?

Regards, Dave.

Responses

Browse pgadmin-hackers by date

  From Date Subject
Next Message svn 2005-08-01 13:02:33 SVN Commit by andreas: r4383 - trunk/pgadmin3
Previous Message Andreas Pflug 2005-07-31 12:40:04 RFC: roles