Re: BUG #17626: Permission denied errors should list role as well as user

I think what may be happening here is that the Postgres error and "permission
denied for table foo" message are getting caught by the ORM I am using
(Prisma) and it is prepending "user=elevated_user" to that but no role
information. That's probably the more appropriate place for me to take this
up.

Thank you Tom and David for looking into this and for your work on Postgres!

On Mon, Oct 3, 2022 at 8:53 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> "David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> > Basically, a permission check requires two things and the complaint is
> that
> > only one of those things is mentioned in the error message.
>
> No, the complaint is that the wrong thing is shown --- but I don't
> know what's showing it; aclcheck_error() certainly doesn't.
>
> There's a separate conversation to be had perhaps about whether
> aclcheck_error's standard message *should* include the role name
> whose permissions were checked. I have a vague feeling that that
> omission was intentional, but it was so long ago that I don't
> recall for sure. It seems like something that'd be good to show
> in more complicated situations with views, security definer
> functions, etc.
>
> regards, tom lane
>