Home > mailing lists

Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken - Mailing list pgsql-hackers

From	Josh Berkus
Subject	Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken
Date	April 29, 2013 20:50:12
Msg-id	517EB2CA.9020205@agliodbs.com Whole thread Raw
In response to	ALTER DEFAULT PRIVILEGES FOR ROLE is broken (Josh Berkus <josh@agliodbs.com>)
List	pgsql-hackers

Tree view

> Right.  I wonder if there's any good reason why we shouldn't extend
> aclerror() to, in all cases, add a DETAIL line along the lines of
> 
>     ERROR:  permission denied for schema web
>     DETAIL:  This operation requires role X to have privilege Y.
> 
> Is there any scenario where this'd be exposing too much info?

Not that I can think of.  The fact that role X doesn't have create on
schema Y isn't exactly privileged info.  Further, to make any use of
that information, you'd have to be able to SET ROLE X, in which case you
can just test for yourself if X has CREATE permission.

-- 
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com

pgsql-hackers by date:

From: Fabien COELHO
Date: 29 April 2013, 20:45:39
Subject: Re: [PATCH] add --throttle option to pgbench

From: Fabien COELHO
Date: 29 April 2013, 21:09:01
Subject: Re: [PATCH] add --throttle option to pgbench

Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken - Mailing list pgsql-hackers

Previous

Next