Re: improving user.c error messages
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>,
"pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2023-01-26T01:45:22Z
Lists: pgsql-hackers
Nathan Bossart <nathandbossart@gmail.com> writes: > On Thu, Jan 19, 2023 at 10:20:33AM -0500, Robert Haas wrote: >> That would be great. I agree that it's good to try to improve the >> error messages. It hasn't been entirely clear to me how to do that. >> For instance, I don't think we want to say something like: >> >> ERROR: must have CREATEROLE privilege and ADMIN OPTION on the target >> role, or in lieu of both of those to be superuser, to set the >> CONNECTION LIMIT for another role >> ERROR: must have CREATEROLE privilege and ADMIN OPTION on the target >> role, plus also CREATEDB, or in lieu of all that to be superuser, to >> remove the CREATEDB property from another role > Here is an early draft of some modest improvements to the user.c error > messages. I basically just tried to standardize the style of and add > context to the existing error messages. I used errhint() for this extra > context, but errdetail() would work, too. Yeah, I think the right fix is to keep the primary message pretty terse and add detail in secondary messages. IMO most of these are errdetail not errhint, because they are factual details about the rules [1]. But other than that quibble, Nathan's draft looked pretty good in a quick once-over. regards, tom lane [1] https://www.postgresql.org/docs/devel/error-style-guide.html
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Improve several permission-related error messages.
- de4d456b406b 16.0 landed
-
Integrate superuser check into has_rolreplication()
- 442f8700656b 16.0 landed
-
Small code simplification
- 3b7cd8c690f2 16.0 landed
-
Adjust interaction of CREATEROLE with role properties.
- f1358ca52dd7 16.0 landed
-
Add new GUC reserved_connections.
- 6e2775e4d4e4 16.0 landed
-
Rename ReservedBackends variable to SuperuserReservedConnections.
- fe00fec1f5d7 16.0 landed
-
Update docs and error message for superuser_reserved_connections.
- 6c1d5ba48678 16.0 landed
-
Add new GUC createrole_self_grant.
- e5b8a4c098ad 16.0 cited
-
Restrict the privileges of CREATEROLE users.
- cf5eb37c5ee0 16.0 cited
-
Add a SET option to the GRANT command.
- 3d14e171e9e2 16.0 cited