Dave Page wrote:
Hi Andreas
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Andreas Pflug
Sent: 31 July 2005 13:40
To: pgadmin-hackers
Subject: [pgadmin-hackers] RFC: roles
I had a look at roles, and was wondering about the best way
to support them.
Purely, it's not a problem at all: just expose pg_authid and
pg_auth_members in dialogs/lists.
OTOH, it might be quite confusing for 1st time users that
there are only
roles with some attributes, no users and groups. Should we have two
modes for it: The reduced view with users and groups (where a
group may
be a group member too) and an enhanced view that allows all
role features?
Additionally, this has also some impact on the security properties,
since a role that may login currently wouldn't be exposed as
grantee by
default.
Thoughts?
I think I would be inclined just to have the full view of everything.
Roles effectively deprecate users and groups, so I don't think we should
try to fool the user into thinking they are still there. For convenience
though, perhaps we should notate which roles have login somehow -
perhaps a trailing asterisk?
How ugly! The icon can signal it.
Still questions open:
Hierarchical or flat view? Separate grouping for login/nologin roles,
roles with/without childs?
Actually, I don't find it good practice to use a role as group and login
at the same time. I'd be inclined to name all roles with login without
childs a user, the rest role/group, grouping them accordingly.
Regards,
Andreas
---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?
http://archives.postgresql.org
