Re: [HACKERS] SET ROLE and reserved roles

Wed, 13 Apr 2016 05:50:42 -0700 

On Wed, Apr 13, 2016 at 5:58 PM, Amit Langote
<[email protected]> wrote:
> Is that behavior deliberate? Might it be better to handle the case
> specially much as setting to "none" works?  Such as:
>
> ERROR: cannot set to reserved role "pg_signal_backend"
>
> Sorry if I have missed any discussion where such a choice was deliberately
> made.

I agree that this is a bit surprising. We could do something like the
attached, and switch the error code to ERRCODE_RESERVED_NAME as well
without caring much if a system role exists or not, this does not seem
worth doing a catalog lookup:
=# set role to pg_test;
ERROR:  42939: role "pg_test" is reserved
LOCATION:  call_string_check_hook, guc.c:9788
=# set role to pg_signal_backend;
ERROR:  42939: role "pg_signal_backend" is reserved
LOCATION:  call_string_check_hook, guc.c:9788
-- 
Michael

diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c
index 57da014..7772cbe 100644
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -856,7 +856,11 @@ check_role(char **newval, void **extra, GucSource source)
 	}
 	/* Do not allow setting role to a reserved role. */
 	else if (strncmp(*newval, "pg_", 3) == 0)
+	{
+		GUC_check_errcode(ERRCODE_RESERVED_NAME);
+		GUC_check_errmsg("role \"%s\" is reserved", *newval);
 		return false;
+	}
 	else
 	{
 		if (!IsTransactionState())
diff --git a/src/test/regress/expected/rolenames.out b/src/test/regress/expected/rolenames.out
index 15a97ab..12d1e76 100644
--- a/src/test/regress/expected/rolenames.out
+++ b/src/test/regress/expected/rolenames.out
@@ -823,9 +823,9 @@ GRANT pg_abc TO pg_abcdef; -- error
 ERROR:  role "pg_abcdef" is reserved
 DETAIL:  Cannot GRANT roles to a reserved role.
 SET ROLE pg_testrole; -- error
-ERROR:  invalid value for parameter "role": "pg_testrole"
+ERROR:  role "pg_testrole" is reserved
 SET ROLE pg_signal_backend; --error
-ERROR:  invalid value for parameter "role": "pg_signal_backend"
+ERROR:  role "pg_signal_backend" is reserved
 CREATE SCHEMA test_schema AUTHORIZATION pg_signal_backend; --error
 ERROR:  role "pg_signal_backend" is reserved
 DETAIL:  Cannot specify reserved role as owner.

-- 
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to