"David G. Johnston" <david.g.johnston@gmail.com> writes: > Basically, a permission check requires two things and the complaint is that > only one of those things is mentioned in the error message.
No, the complaint is that the wrong thing is shown --- but I don't know what's showing it; aclcheck_error() certainly doesn't.
There's a separate conversation to be had perhaps about whether aclcheck_error's standard message *should* include the role name whose permissions were checked. I have a vague feeling that that omission was intentional, but it was so long ago that I don't recall for sure. It seems like something that'd be good to show in more complicated situations with views, security definer functions, etc.
Replied too early, I see that now. There have been a couple of recent discussions that have made me want to see what role PostgreSQL is considering in cases like you mention that my mind just went there.