| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | loren(at)paradigm(dot)xyz, PostgreSQL mailing lists <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: BUG #17626: Permission denied errors should list role as well as user |
| Date: | 2022-10-03 22:04:27 |
| Message-ID: | CAKFQuwbS7JewidNKDN6W87wna-ZBbZx7xtMr=ksmWdFaEqJekQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Mon, Oct 3, 2022, 08:53 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> > Basically, a permission check requires two things and the complaint is
> that
> > only one of those things is mentioned in the error message.
>
> No, the complaint is that the wrong thing is shown --- but I don't
> know what's showing it; aclcheck_error() certainly doesn't.
>
> There's a separate conversation to be had perhaps about whether
> aclcheck_error's standard message *should* include the role name
> whose permissions were checked. I have a vague feeling that that
> omission was intentional, but it was so long ago that I don't
> recall for sure. It seems like something that'd be good to show
> in more complicated situations with views, security definer
> functions, etc.
>
>
Replied too early, I see that now. There have been a couple of recent
discussions that have made me want to see what role PostgreSQL is
considering in cases like you mention that my mind just went there.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2022-10-04 22:54:08 | Re: Startup process on a hot standby crashes with an error "invalid memory alloc request size 1073741824" while replaying "Standby/LOCK" records |
| Previous Message | Loren Siebert | 2022-10-03 17:12:44 | Re: BUG #17626: Permission denied errors should list role as well as user |