Row security violation error is misleading

From: Craig Ringer <craig(at)2ndquadrant(dot)com>
To: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Row security violation error is misleading
Date: 2015-04-07 12:11:49
Views: Raw Message | Whole Thread | Download mbox
Lists: pgsql-hackers

When attempting to insert a row that violates a row security policy that
applies to writes, the error message emitted references WITH CHECK OPTION,
even though (as far as the user knows) there's no such thing involved.
If you understand the internals you'd know that row security re-uses the
same logic as WITH CHECK OPTION, but it's going to be confusing for users.

postgres=> INSERT INTO clients (account_name, account_manager) VALUES
('peters', 'peter'), ('johannas', 'johanna');
ERROR: 44000: new row violates WITH CHECK OPTION for "clients"
DETAIL: Failing row contains (7, johannas, johanna).
LOCATION: ExecWithCheckOptions, execMain.c:1683

... yet "clients" is a table, not a view, and cannot have a WITH CHECK
OPTION clause.

There is no reference to the policy being violated or to the fact that it's
row security involved.

I think this is going to be very confusing for users. I was expecting to
see something more like:

ERROR: 44000: new row in table 'clients' violates row level security
policy 'just_own_clients'

Re-using the SQLSTATE 44000 is a bit iffy too. We should probably define
something to differentiate this, like:


(I've finally found some time to try to review the user-facing side of the
row security patch as-committed).

Craig Ringer
PostgreSQL Development, 24x7 Support, Training & Services


Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2015-04-07 12:54:20 Re: Assertion failure when streaming logical changes
Previous Message Craig Ringer 2015-04-07 10:41:59 PATCH: Add 'pid' column to pg_replication_slots