Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken
| От | Tom Lane |
|---|---|
| Тема | Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken |
| Дата | |
| Msg-id | 5399.1367256347@sss.pgh.pa.us обсуждение |
| Ответ на | Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken (Josh Berkus <josh@agliodbs.com>) |
| Ответы |
Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken
|
| Список | pgsql-hackers |
Josh Berkus <josh@agliodbs.com> writes:
> On 04/29/2013 09:59 AM, Tom Lane wrote:
>> As I pointed out to you last night, it does already say that.
>> I think the problem here is that we're just throwing a generic
>> permissions failure rather than identifying the particular permission
>> needed.
> Yeah, a better error message would help a lot. My first thought was
> "WTF? I'm the superuser, whaddya mean, 'permission denied'"?
Right. I wonder if there's any good reason why we shouldn't extend
aclerror() to, in all cases, add a DETAIL line along the lines of
ERROR: permission denied for schema webDETAIL: This operation requires role X to have privilege Y.
Is there any scenario where this'd be exposing too much info?
regards, tom lane
В списке pgsql-hackers по дате отправления: