From 3ab31bc755043973ce56ee620ad99b5789d12111 Mon Sep 17 00:00:00 2001 From: Joseph Koshakow Date: Fri, 24 Feb 2023 12:05:19 -0500 Subject: [PATCH] Add details to ALTER ROLE permission errors --- src/backend/commands/user.c | 4 ++-- src/test/regress/expected/create_role.out | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index 3a92e930c0..2c7a4204a6 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -761,7 +761,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) dvalidUntil || disreplication || dbypassRLS) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("permission denied"))); + errmsg("permission denied to alter role"))); /* an unprivileged user can change their own password */ if (dpassword && roleid != currentUserId) @@ -1008,7 +1008,7 @@ AlterRoleSet(AlterRoleSetStmt *stmt) && roleid != GetUserId()) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("permission denied"))); + errmsg("permission denied to alter role"))); } ReleaseSysCache(roletuple); diff --git a/src/test/regress/expected/create_role.out b/src/test/regress/expected/create_role.out index 9f431bd4f5..691cff86d2 100644 --- a/src/test/regress/expected/create_role.out +++ b/src/test/regress/expected/create_role.out @@ -98,7 +98,7 @@ ERROR: must have admin option on role "regress_role_normal" ALTER ROLE regress_role_normal RENAME TO regress_role_abnormal; ERROR: permission denied to rename role ALTER ROLE regress_role_normal NOINHERIT NOLOGIN CONNECTION LIMIT 7; -ERROR: permission denied +ERROR: permission denied to alter role -- ok, regress_tenant can create objects within the database SET SESSION AUTHORIZATION regress_tenant; CREATE TABLE tenant_table (i integer); -- 2.34.1