From: | Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru> |
---|---|
To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, David Zhang <david(dot)zhang(at)highgo(dot)ca>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, rmt(at)lists(dot)postgresql(dot)org, horikyota(dot)ntt(at)gmail(dot)com |
Subject: | Re: psql: Add role's membership options to the \du+ command |
Date: | 2023-06-24 15:11:31 |
Message-ID: | b8624fab-ad13-7933-8afc-976ab106b13a@postgrespro.ru |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Thank you for all valuable comments. I can now continue working on the
patch.
Here's what I plan to do in the next version.
Changes for \du & \dg commands
* showing distinct roles in the "Member of" column
* explicit order for list of roles
* no changes for extended mode (\du+)
New meta-command \drg
* showing info from pg_auth_members based on a query:
SELECT r.rolname role, m.rolname member,
pg_catalog.concat_ws(', ',
CASE WHEN pam.admin_option THEN 'ADMIN' END,
CASE WHEN pam.inherit_option THEN 'INHERIT' END,
CASE WHEN pam.set_option THEN 'SET' END
) AS options,
g.rolname grantor
FROM pg_catalog.pg_auth_members pam
JOIN pg_catalog.pg_roles r ON (pam.roleid = r.oid)
JOIN pg_catalog.pg_roles m ON (pam.member = m.oid)
JOIN pg_catalog.pg_roles g ON (pam.grantor = g.oid)
WHERE r.rolname !~ '^pg_'
ORDER BY role, member, grantor;
role | member | options | grantor
------------------+------------------+---------------------+------------------
regress_du_role0 | regress_du_admin | ADMIN, INHERIT, SET | postgres
regress_du_role0 | regress_du_role1 | ADMIN, INHERIT, SET |
regress_du_admin
regress_du_role0 | regress_du_role1 | INHERIT | regress_du_role1
regress_du_role0 | regress_du_role1 | SET | regress_du_role2
regress_du_role0 | regress_du_role2 | ADMIN | regress_du_admin
regress_du_role0 | regress_du_role2 | INHERIT, SET | regress_du_role1
regress_du_role0 | regress_du_role2 | | regress_du_role2
regress_du_role1 | regress_du_admin | ADMIN, INHERIT, SET | postgres
regress_du_role1 | regress_du_role2 | ADMIN, SET | regress_du_admin
regress_du_role2 | regress_du_admin | ADMIN, INHERIT, SET | postgres
(10 rows)
Notes
* The name of the new command. It's a good name, if not for the history.
There are two commands showing the same information about roles: \du and
\dr.
The addition of \drg may be misinterpreted: if there is \drg, then there
is also \dug.
Maybe it's time to think about deprecating of the \du command and leave
only \dg in the next versions?
* 'empty'. I suggest thinking about forbidding the situation with empty
options.
If we prohibit them, the issue will be resolved automatically.
* The new meta-command will also make sense for versions <16.
The ADMIN OPTION is available in all supported versions.
* The new meta-command will not show all roles. It will only show the
roles included in other roles.
To show all roles you need to add an outer join between pg_roles and
pg_auth_members.
But all columns except "role" will be left blank. Is it worth doing this?
--
Pavel Luzanov
Postgres Professional: https://postgrespro.com
From | Date | Subject | |
---|---|---|---|
Next Message | Pavel Luzanov | 2023-06-24 15:16:04 | Re: Things I don't like about \du's "Attributes" column |
Previous Message | Joe Conway | 2023-06-24 13:09:44 | Re: BUG #17946: LC_MONETARY & DO LANGUAGE plperl - BUG |