From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
---|---|
To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
Cc: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: improving user.c error messages |
Date: | 2023-03-09 09:55:54 |
Message-ID: | abf97f0d-79b4-217c-2ea8-d081648d9a6d@enterprisedb.com |
Lists: | pgsql-hackers |
On 20.02.23 23:58, Nathan Bossart wrote:
>>> Similarly -- this is an existing issue but we might as well look at it -- in
>>> something like
>>>
>>> must be superuser or a role with privileges of the
>>> pg_write_server_files role
>>>
>>> the phrase "a role with the privileges of that other role" seems ambiguous.
>>> Doesn't it really mean you must be a member of that role?
>>
>> Membership alone is not sufficient. You must also inherit the privileges
>> of the role via the INHERIT option. I thought about making this something
>> like
>>
>> must have the INHERIT option on role %s
>>
>> but I'm not sure that's accurate either. That wording makes it sound like
>> you need to be granted membership to the role directly WITH INHERIT OPTION,
>> but what you really need is membership, direct or indirect, with an INHERIT
>> chain up to the role in question. However, it looks like "must have the
>> ADMIN option on role %s" is used to mean something similar, so perhaps I am
>> overthinking it.
>
> For now, I've reworded these as "must inherit privileges of".

I don't have a good mental model of all this role inheritance,
personally, but I fear that this change makes the messages more jargony
and less clear. Maybe the original wording was good enough.

A couple of other thoughts:

"admin option" is sort of a natural language term, I think, so we don't
need to parametrize it as "%s option". Also, there are no other
"options" in this context, I think.

A general thought: It seems we currently don't have any error messages
that address the user like "You must do this". Do we want to go there?
Should we try for a more impersonal wording like

"You must have the %s attribute to create roles."

"Current user must have the %s attribute to create roles."

"%s attribute is required to create roles."

By the way, I'm not sure what the separation between 0001 and 0002 is
supposed to be.
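
The distinction drawn in the quoted text above, between being a member of a role and inheriting its privileges through an INHERIT chain, shown as an added example that is not part of the original email or of the patch under discussion. It assumes PostgreSQL 16 or later (for `GRANT ... WITH INHERIT`), a superuser session on a scratch instance, and the hypothetical roles `files_group`, `alice` and `bob`.

```sql
-- Added illustration; files_group, alice and bob are hypothetical roles.
-- Everything runs in one transaction and is rolled back at the end.
BEGIN;

CREATE ROLE files_group NOLOGIN;
CREATE ROLE alice LOGIN;
CREATE ROLE bob LOGIN;

-- files_group inherits the privileges of the predefined role.
GRANT pg_write_server_files TO files_group WITH INHERIT TRUE;

-- alice: indirect membership with an unbroken INHERIT chain.
GRANT files_group TO alice WITH INHERIT TRUE;

-- bob: the same indirect membership, but the chain is broken at his grant.
GRANT files_group TO bob WITH INHERIT FALSE;

-- MEMBER: direct or indirect membership, regardless of inheritance.
-- USAGE:  the role's privileges are available without SET ROLE.
SELECT r.rolname,
       pg_has_role(r.rolname, 'pg_write_server_files'::name, 'MEMBER') AS is_member,
       pg_has_role(r.rolname, 'pg_write_server_files'::name, 'USAGE')  AS inherits_privileges
FROM pg_roles AS r
WHERE r.rolname IN ('alice', 'bob')
ORDER BY r.rolname;

ROLLBACK;
```

The same query, pointed at real role names, is a quick way to audit which accounts hold a predefined role's privileges by inheritance and which are members only.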