Josh Berkus <josh@agliodbs.com> writes:
> On 04/29/2013 09:59 AM, Tom Lane wrote:
>> As I pointed out to you last night, it does already say that.
>> I think the problem here is that we're just throwing a generic
>> permissions failure rather than identifying the particular permission
>> needed.
> Yeah, a better error message would help a lot. My first thought was
> "WTF? I'm the superuser, whaddya mean, 'permission denied'"?
Right. I wonder if there's any good reason why we shouldn't extend
aclerror() to, in all cases, add a DETAIL line along the lines of
ERROR: permission denied for schema webDETAIL: This operation requires role X to have privilege Y.
Is there any scenario where this'd be exposing too much info?
regards, tom lane