| From: | Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru> |
|---|---|
| To: | Jim Nasby <jim(dot)nasby(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Things I don't like about \du's "Attributes" column |
| Date: | 2024-01-09 20:50:48 |
| Message-ID: | 9ce4e037-6611-4420-b480-f5669177a0cf@postgrespro.ru |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 03.01.2024 02:37, Jim Nasby wrote:
>
> Some attributes are arguably important enough to warrant their own
> column. The most obvious is NOLOGIN, since those roles are generally
> used for a very different purpose than LOGIN roles. SUPERUSER might be
> another candidate (though, I much prefer a dedicated "sudo role" than
> explicit SU on roles).
>
I like this idea.
But what if all the attributes are moved to separate columns?
This solves all issues except the wide output. Less significant attributes
can be moved to extended mode. Here's what it might look like:
postgres(at)postgres(17.0)=# \du
List of roles
Role name | Login | Superuser | Create role | Create DB | Replication
-----------+-------+-----------+-------------+-----------+-------------
admin | no | no | no | no | no
alice | yes | yes | no | no | no
bob | yes | no | no | yes | yes
charlie | yes | no | yes | no | no
postgres | yes | yes | yes | yes | yes
(5 rows)
postgres(at)postgres(17.0)=# \du+
List of roles
Role name | Login | Superuser | Create role | Create DB | Replication | Bypass RLS | Inheritance | Password | Valid until | Connection limit | Description
-----------+-------+-----------+-------------+-----------+-------------+------------+-------------+----------+------------------------+------------------+-------------------------------------------------------------
admin | no | no | no | no | no | no | yes | no | | -1 | Group role without login
alice | yes | yes | no | no | no | no | no | yes | infinity | 5 | Superuser but with connection limit and with no inheritance
bob | yes | no | no | yes | yes | yes | yes | no | 2022-01-01 00:00:00+03 | -1 | No password but with expire time
charlie | yes | no | yes | no | no | no | yes | yes | | 0 | No connections allowed
postgres | yes | yes | yes | yes | yes | yes | yes | yes | | -1 |
(5 rows)
postgres(at)postgres(17.0)=# \x \du+ bob
Expanded display is on.
List of roles
-[ RECORD 1 ]----+---------------------------------
Role name | bob
Login | yes
Superuser | no
Create role | no
Create DB | yes
Replication | yes
Bypass RLS | yes
Inheritance | yes
Password | no
Valid until | 2022-01-01 00:00:00+03
Connection limit | -1
Description | No password but with expire time
--
Pavel Luzanov
Postgres Professional:https://postgrespro.com
| Attachment | Content-Type | Size |
|---|---|---|
| v2-0001-psql-Rethinking-of-du-command.patch | text/x-patch | 7.4 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-01-09 20:51:06 | Re: Adding a pg_get_owned_sequence function? |
| Previous Message | Robert Haas | 2024-01-09 20:49:38 | Re: Add BF member koel-like indentation checks to SanityCheck CI |