* Kevin Grittner (kgrittn@ymail.com) wrote:
> Dean Rasheed <dean.a.rasheed@gmail.com> wrote:
>
> >> Re-using the SQLSTATE 44000 is a bit iffy too. We should
> >> probably define something to differentiate this, like:
> >>
> >> 44P01 ROW SECURITY WRITE POLICY VIOLATION
> >
> > Yes, that sounds sensible.
>
> I would be more inclined to use:
>
> 42501 ERRCODE_INSUFFICIENT_PRIVILEGE
>
> I know this is used 173 other places where a user attempts to do
> something they are not authorized to do, so you would not be able
> to differentiate the specific cause based on SQLSTATE if this is
> used -- but why don't we feel that way about the other 173 causes?
> Why does this security violation require a separate SQLSTATE?
I tend to agree with this and it feels more consistent. SQLSTATE is
already a very generic response system and knowing that it's a policy
violation instead of a GRANT violations strikes me as unlikely to be
terribly interesting at the level where you're just looking at the
SQLSTATE code.
Thanks!
Stephen