On 17.02.2024 00:37, David G. Johnston wrote:
On Mon, Feb 12, 2024 at 2:29 PM Pavel Luzanov
<p.luza...@postgrespro.ru> wrote:
regress_du_role1 | no | Inherit | no | 2024-12-31
00:00:00+03(invalid) | 50 | Group role without password but with
valid until
regress_du_role2 | yes | Inherit | yes |
| Not allowed | No connections allowed
regress_du_role3 | yes | | yes |
| 10 | User without attributes
regress_du_su | yes | Superuser +| yes |
| 3(ignored) | Superuser but with connection limit
Per the recent bug report, we should probably add something like
(ignored) after the 50 connections for role1 since they are not
allowed to login so the value is indeed ignored.
Hm, but the same logic applies to "Password?" and "Valid until" for role1
without login attribute.
The challenge is how to display it for unprivileged users. But they can't see
password information.
So, displaying 'Valid until' as '(irrelevant)' for privileged users and real
value for others looks badly.
What can be done in this situation.
0. Show different values as described above.
1. Don't show 'Valid until' for unprivileged users at all. The same logic as
for 'Password?'.
With possible exception: user can see 'Valid until' for himself.
May be too complicated?
2. Tom's advise:
Not sure it's worth worrying about
Show real values for 'Valid until' and 'Connection limit' without any hints.
3. The best solution, which I can't see now.
--
Pavel Luzanov
Postgres Professional:https://postgrespro.com
