On 8 April 2015 at 16:27, Stephen Frost <sfrost@snowman.net> wrote:
> * Dean Rasheed (dean.a.rasheed@gmail.com) wrote:
>> I actually re-used the sql status code 42501 -
>> ERRCODE_INSUFFICIENT_PRIVILEGE for a RLS check failure because of the
>> parallel with permissions checks, but I quite like Craig's idea of
>> inventing a new status code for this, so that it can be more easily
>> distinguished from a lack of GRANTed privileges.
>
> As I mentioned to Kevin, I'm not sure that this is really a useful
> distinction. I'm quite curious if other systems provide that
> distinction between grant violations and policy violations. If they do
> then that would certainly bolster the argument to provide the
> distinction in PG.
>
OK, on further reflection I think that's probably right.
ERRCODE_INSUFFICIENT_PRIVILEGE is certainly more appropriate than
anything based on a WCO violation, because it reflects the fact that
the current user isn't allowed to perform the insert/update, but
another user might be allowed, so this is a privilege problem, not a
data error.
Regards,
Dean