From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: pg_auth_members.grantor is bunk |
Date: | 2022-07-29 12:46:06 |
Message-ID: | CA+TgmoZLxrfP1TEnysx3ajHRLvuiPZBXPB9nX1te+eM50+uidw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Jul 28, 2022 at 5:17 PM David G. Johnston
<david(dot)g(dot)johnston(at)gmail(dot)com> wrote:
> I suggest changing \du memberof to output something like this:
>
> rolname | memberof
> ---------+------------------------------------
> vagrant | {}
> r | {q:admin/vagrant}
> t | {q:admin/vagrant,s:member/vagrant}
>
> (needs sorting, tried to model it after ACL - column privileges specifically)
I don't know. I agree with you that we should probably think about
changing the \du output, but I'm not sure if I like this particular
idea about how to do it. I mean, the ACL format that we use for tables
and other objects is basically an internal format which we throw at
the user, hoping they'll know how to interpret it. I don't know if
it's what we should pick when we don't have that kind of internal
format already. On the other hand, consistency is worth something, and
I'm not sure that I have a better idea.
https://commitfest.postgresql.org/38/3744/ might affect what we want
to do here, too.
> If we aren't dead set on having \du and \dg be aliases for each other I'd rather redesign \dg (or add a new meta-command) to be a group-centric view of this exact same data instead of user-centric one. Namely it has a "members" column instead of "memberof" and have it output, one line per member:
>
> user=[admin|member]/grantor
That seems like a topic for a separate thread, but I agree that a
flipped view of this data would be more useful than using two letters
of the alphabet for exactly the same thing, especially given that
we're pretty short on unused letters.
> I don't have any meaningful insight as to breaking things with these changes but I am strongly in favor of tightening this up and formalizing it.
Cool.
--
Robert Haas
EDB: http://www.enterprisedb.com
From | Date | Subject | |
---|---|---|---|
Next Message | Simon Riggs | 2022-07-29 12:49:01 | Re: Hash index build performance tweak from sorting |
Previous Message | Robert Haas | 2022-07-29 12:22:26 | Re: generic plans and "initial" pruning |