Re: Things I don't like about \du's "Attributes" column

Mon, 15 Apr 2024 00:39:07 -0700 

I think we can change the output like this:

postgres=# \du
                                List of roles
 Role name | Login | Attributes  | Password | Valid until | Connection limit 
-----------+-------+-------------+----------+-------------+------------------
 test      |       | Inherit     |          |             | 
 test2     | Can   | Inherit     | Has      |             | 
 wenyi     | Can   | Superuser  +|          |             | 
           |       | Create DB  +|          |             | 
           |       | Create role+|          |             | 
           |       | Inherit    +|          |             | 
           |       | Replication+|          |             | 
           |       | Bypass RLS  |          |             | 
(3 rows)

And I submit my the patch, have a look?
Yours,
Wen Yi

------------------ Original ------------------
From:                                                                           
                                             "Pavel Luzanov"                    
                                                                
<p.luza...@postgrespro.ru>;
Date: Sun, Feb 18, 2024 07:14 PM
To: "David G. Johnston"<david.g.johns...@gmail.com>;
Cc: "Tom Lane"<t...@sss.pgh.pa.us>;"Jim 
Nasby"<jim.na...@gmail.com>;"Robert 
Haas"<robertmh...@gmail.com>;"pgsql-hackers"<pgsql-hackers@lists.postgresql.org>;
Subject: Re: Things I don't like about \du's "Attributes" column



On 17.02.2024 00:37, David G. Johnston wrote:
 
 
 
On Mon, Feb 12, 2024 at 2:29?6?2PM Pavel Luzanov 
<p.luza...@postgrespro.ru> wrote:
 
 
     regress_du_role1 | no| Inherit | no| 2024-12-31 00:00:00+03(invalid) | 50 
| Group role without password but with valid untilregress_du_role2 | yes | 
Inherit | yes | | Not allowed| No connections allowedregress_du_role3 | yes | | 
yes | | 10 | User without attributesregress_du_su| yes | Superuser+| yes | | 
3(ignored) | Superuser but with connection limit
 
   
 Per the recent bug report, we should probably add something like (ignored) 
after the 50 connections for role1 since they are not allowed to login so the 
value is indeed ignored. 
 
 
   Hm, but the same logic applies to "Password?" and "Valid until" for role1 
without login attribute. The challenge is how to display it for unprivileged 
users. But they can't see password information. So, displaying 'Valid until' as 
'(irrelevant)' for privileged users and real value for others looks badly.What 
can be done in this situation. 0. Show different values as described above. 1. 
Don't show 'Valid until' for unprivileged users at all. The same logic as for 
'Password?'. With possible exception: user can see 'Valid until' for 
himself.May be too complicated?2. Tom's advise:
  Not sure it's worth worrying about
  Show real values for 'Valid until' and 'Connection limit' without any 
hints.3. The best solution, which I can't see now.
 --Pavel Luzanov Postgres Professional: https://postgrespro.com

Attachment: v6-0002-psql-Rethinking-of-du-command.patch
Description: Binary data

Reply via email to