Re: improving user.c error messages
Peter Eisentraut <peter.eisentraut@enterprisedb.com>
From: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: Alvaro Herrera <alvherre@alvh.no-ip.org>, Tom Lane <tgl@sss.pgh.pa.us>,
Robert Haas <robertmhaas@gmail.com>,
"pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2023-03-16T15:24:07Z
Lists: pgsql-hackers
On 10.03.23 01:03, Nathan Bossart wrote:
>>> By the way, I'm not sure what the separation between 0001 and 0002 is
>>> supposed to be.
>> I'll combine them. I first started with user.c only, but we kept finding
>> new messages to improve.
> I combined the patches in v7.
I have committed two pieces that were not message changes separately.
I think the following change in DropRole() is incorrect:
if (!is_admin_of_role(GetUserId(), roleid))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("must have admin option on role \"%s\"",
- role)));
+ errmsg("permission denied to drop role"),
+ errdetail("Only roles with the %s attribute and the
%s option on role \"%s\" may drop this role.",
+ "CREATEROLE", "ADMIN",
NameStr(roleform->rolname))));
The message does not reflect what check is actually performed. (Perhaps
this was confused with a similar but not exactly the same check in
RenameRole().)
That was the only "factual" error that I found.
In file_fdw_validator(), the option names "filename" and "program" could
be parameterized.
In DropOwnedObjects() and ReassignOwnedObjects(), I suggest the
following changes, for clarity:
- errdetail("Only roles with privileges of role \"%s\" may drop its
objects.",
+ errdetail("Only roles with privileges of role \"%s\" may drop objects
owned by it.",
- errdetail("Only roles with privileges of role \"%s\" may reassign its
objects.",
+ errdetail("Only roles with privileges of role \"%s\" may reassign
objects owned by it.",
The rest looks okay to me.
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Improve several permission-related error messages.
- de4d456b406b 16.0 landed
-
Integrate superuser check into has_rolreplication()
- 442f8700656b 16.0 landed
-
Small code simplification
- 3b7cd8c690f2 16.0 landed
-
Adjust interaction of CREATEROLE with role properties.
- f1358ca52dd7 16.0 landed
-
Add new GUC reserved_connections.
- 6e2775e4d4e4 16.0 landed
-
Rename ReservedBackends variable to SuperuserReservedConnections.
- fe00fec1f5d7 16.0 landed
-
Update docs and error message for superuser_reserved_connections.
- 6c1d5ba48678 16.0 landed
-
Add new GUC createrole_self_grant.
- e5b8a4c098ad 16.0 cited
-
Restrict the privileges of CREATEROLE users.
- cf5eb37c5ee0 16.0 cited
-
Add a SET option to the GRANT command.
- 3d14e171e9e2 16.0 cited