Re: improving user.c error messages
От | Nathan Bossart |
---|---|
Тема | Re: improving user.c error messages |
Дата | |
Msg-id | 20230220225852.GA3940888@nathanxps13 обсуждение исходный текст |
Ответ на | Re: improving user.c error messages (Nathan Bossart <nathandbossart@gmail.com>) |
Ответы |
Re: improving user.c error messages
|
Список | pgsql-hackers |
On Mon, Feb 20, 2023 at 11:02:10AM -0800, Nathan Bossart wrote: > On Mon, Feb 20, 2023 at 08:54:48AM +0100, Peter Eisentraut wrote: >> I'm concerned about the loose use of "privilege" here. A privilege is >> something I can grant. So if someone doesn't have the "REPLICATION >> privilege", as in the above example, I would expect to be able to do "GRANT >> REPLICATION TO someuser". Since that is not what is happening, we should >> use some other term. The documentation around CREATE USER uses the terms >> "attribute" and "option" (and also "privilege") for these things. > > Good point. I will adjust these to use "attribute" instead. done in v6 >> Similarly -- this is an existing issue but we might as well look at it -- in >> something like >> >> must be superuser or a role with privileges of the >> pg_write_server_files role >> >> the phrase "a role with the privileges of that other role" seems ambiguous. >> Doesn't it really mean you must be a member of that role? > > Membership alone is not sufficient. You must also inherit the privileges > of the role via the INHERIT option. I thought about making this something > like > > must have the INHERIT option on role %s > > but I'm not sure that's accurate either. That wording makes it sound lіke > you need to be granted membership to the role directly WITH INHERIT OPTION, > but what you really need is membership, direct or indirect, with an INHERIT > chain up to the role in question. However, it looks like "must have the > ADMIN option on role %s" is used to mean something similar, so perhaps I am > overthinking it. For now, I've reworded these as "must inherit privileges of". -- Nathan Bossart Amazon Web Services: https://aws.amazon.com
Вложения
В списке pgsql-hackers по дате отправления: