Re: RFC: roles

Dave Page wrote:
> Hi Andreas
>
>
>>-----Original Message-----
>>From: pgadmin-hackers-owner@postgresql.org
>>[mailto:pgadmin-hackers-owner@postgresql.org] On Behalf Of
>>Andreas Pflug
>>Sent: 31 July 2005 13:40
>>To: pgadmin-hackers
>>Subject: [pgadmin-hackers] RFC: roles
>>
>>I had a look at roles, and was wondering about the best way
>>to support them.
>>
>>Purely, it's not a problem at all: just expose pg_authid and
>>pg_auth_members in dialogs/lists.
>>
>>OTOH, it might be quite confusing for 1st time users that
>>there are only
>>roles with some attributes, no users and groups. Should we have two
>>modes for it: The reduced view with users and groups (where a
>>group may
>>be a group member too) and an enhanced view that allows all
>>role features?
>>Additionally, this has also some impact on the security properties,
>>since a role that may login currently wouldn't be exposed as
>>grantee by
>>default.
>>
>>Thoughts?
>
>
> I think I would be inclined just to have the full view of everything.
> Roles effectively deprecate users and groups, so I don't think we should
> try to fool the user into thinking they are still there.  For convenience
> though, perhaps we should notate which roles have login somehow -
> perhaps a trailing asterisk?

How ugly! The icon can signal it.

Still questions open:
Hierarchical or flat view? Separate grouping for login/nologin roles,
roles with/without childs?

Actually, I don't find it good practice to use a role as group and login
at the same time. I'd be inclined to name all roles with login without
childs a user, the rest role/group, grouping them accordingly.

Regards,
Andreas