On 11/26/14 10:24 AM, Stephen Frost wrote: > The implementation detail is that it's not part of the normal > GRANT/REVOKE privilege system, which is why it's useful to note it in > the detail and why we don't need to add an errdetail along the lines of > 'You must have SELECT rights on relation X to SELECT from it'.
I don't agree with this argument, but I might agree with the conclusion. ;-) I think in the past, error messages for permission problems were effectively written according to the criterion: "If I can explain the reason for the lack of permission in one short line, then I will, otherwise I will just produce a generic 'permission denied' error and have the user read the manual for the details." The proposed change is effectively: "I will produce a generic 'permission denied' error, and if the reason for the lack of permission is anything other than GRANT/REVOKE, then I will add it to the detail message." That's not necessarily an invalid change, but it implies that there is something special (or less special) about GRANT/REVOKE, and there is no consensus on that. Seeing that we are planning to add more permissions systems of various kinds, I don't think it would be bad to uniformly add "You must have SELECT rights on relation X to SELECT from it" detail messages. The proposed changes would then be subset of that. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
