Re: Things I don't like about \du's "Attributes" column

Pavel Luzanov <p.luzanov@postgrespro.ru>

From: Pavel Luzanov <p.luzanov@postgrespro.ru>
To: Tom Lane <tgl@sss.pgh.pa.us>, "David G. Johnston" <david.g.johnston@gmail.com>
Cc: Jim Nasby <jim.nasby@gmail.com>, Robert Haas <robertmhaas@gmail.com>, pgsql-hackers@lists.postgresql.org
Date: 2024-02-12T21:29:32Z
Lists: pgsql-hackers

Attachments

On 28.01.2024 22:51, Pavel Luzanov wrote:
> I'll think about it and try to implement in the next patch version 
> within a few days.

Sorry for delay.

Please look at v4.
I tried to implement all of David's suggestions.
The only addition - "Login" column. I still thinks this is important information to be highlighted.
Especially considering that the Attributes column small enough with a newline separator.

The changes are split into two patches.
0001 - pg_roles view. I plan to organize a new thread for discussion.
0002 - \du command. It depends on 0001 for "Password?" and "Valid until" columns.

Output for superuser:

postgres@postgres(17.0)=# \du+
                                                                        List of roles
     Role name     | Login | Attributes  | Password? |           Valid until           | Connection limit |                   Description
------------------+-------+-------------+-----------+---------------------------------+------------------+--------------------------------------------------
  postgres         | yes   | Superuser  +| no        |                                 |                  |
                   |       | Create DB  +|           |                                 |                  |
                   |       | Create role+|           |                                 |                  |
                   |       | Inherit    +|           |                                 |                  |
                   |       | Replication+|           |                                 |                  |
                   |       | Bypass RLS  |           |                                 |                  |
  regress_du_admin | yes   | Create role+| yes       | infinity                        |                  | User createrole attribute
                   |       | Inherit     |           |                                 |                  |
  regress_du_role0 | yes   | Create DB  +| yes       | 2024-12-31 00:00:00+03          |                  |
                   |       | Inherit    +|           |                                 |                  |
                   |       | Replication+|           |                                 |                  |
                   |       | Bypass RLS  |           |                                 |                  |
  regress_du_role1 | no    | Inherit     | no        | 2024-12-31 00:00:00+03(invalid) | 50               | Group role without password but with valid until
  regress_du_role2 | yes   | Inherit     | yes       |                                 | Not allowed      | No connections allowed
  regress_du_role3 | yes   |             | yes       |                                 | 10               | User without attributes
  regress_du_su    | yes   | Superuser  +| yes       |                                 | 3(ignored)       | Superuser but with connection limit
                   |       | Create DB  +|           |                                 |                  |
                   |       | Create role+|           |                                 |                  |
                   |       | Inherit    +|           |                                 |                  |
                   |       | Replication+|           |                                 |                  |
                   |       | Bypass RLS  |           |                                 |                  |
(7 rows)

Output for regress_du_admin (can see password for regress_du_role[0,1,2]
but not for regress_du_role3):

regress_du_admin@postgres(17.0)=> \du regress_du_role*
                                               List of roles
     Role name     | Login | Attributes  | Password? |           Valid until           | Connection limit
------------------+-------+-------------+-----------+---------------------------------+------------------
  regress_du_role0 | yes   | Create DB  +| yes       | 2024-12-31 00:00:00+03          |
                   |       | Inherit    +|           |                                 |
                   |       | Replication+|           |                                 |
                   |       | Bypass RLS  |           |                                 |
  regress_du_role1 | no    | Inherit     | no        | 2024-12-31 00:00:00+03(invalid) | 50
  regress_du_role2 | yes   | Inherit     | yes       |                                 | Not allowed
  regress_du_role3 | yes   |             |           |                                 | 10
(4 rows)

Output for regress_du_role3 (no password information):

regress_du_role3@postgres(17.0)=> \du regress_du_role*
                                          List of roles
     Role name     | Login | Attributes  | Password? |      Valid until       | Connection limit
------------------+-------+-------------+-----------+------------------------+------------------
  regress_du_role0 | yes   | Create DB  +|           | 2024-12-31 00:00:00+03 |
                   |       | Inherit    +|           |                        |
                   |       | Replication+|           |                        |
                   |       | Bypass RLS  |           |                        |
  regress_du_role1 | no    | Inherit     |           | 2024-12-31 00:00:00+03 | 50
  regress_du_role2 | yes   | Inherit     |           |                        | Not allowed
  regress_du_role3 | yes   |             |           |                        | 10
(4 rows)


Any comments. What did I miss?

-- 
Pavel Luzanov
Postgres Professional:https://postgrespro.com