|From:||Craig Ringer <craig(at)2ndquadrant(dot)com>|
|To:||PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>|
|Subject:||Row security violation error is misleading|
|Views:||Raw Message | Whole Thread | Download mbox|
When attempting to insert a row that violates a row security policy that
applies to writes, the error message emitted references WITH CHECK OPTION,
even though (as far as the user knows) there's no such thing involved.
If you understand the internals you'd know that row security re-uses the
same logic as WITH CHECK OPTION, but it's going to be confusing for users.
postgres=> INSERT INTO clients (account_name, account_manager) VALUES
('peters', 'peter'), ('johannas', 'johanna');
ERROR: 44000: new row violates WITH CHECK OPTION for "clients"
DETAIL: Failing row contains (7, johannas, johanna).
LOCATION: ExecWithCheckOptions, execMain.c:1683
... yet "clients" is a table, not a view, and cannot have a WITH CHECK
There is no reference to the policy being violated or to the fact that it's
row security involved.
I think this is going to be very confusing for users. I was expecting to
see something more like:
ERROR: 44000: new row in table 'clients' violates row level security
Re-using the SQLSTATE 44000 is a bit iffy too. We should probably define
something to differentiate this, like:
44P01 ROW SECURITY WRITE POLICY VIOLATION
(I've finally found some time to try to review the user-facing side of the
row security patch as-committed).
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
|Next Message||Andres Freund||2015-04-07 12:54:20||Re: Assertion failure when streaming logical changes|
|Previous Message||Craig Ringer||2015-04-07 10:41:59||PATCH: Add 'pid' column to pg_replication_slots|