| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: improving user.c error messages |
| Date: | 2023-01-26 22:41:32 |
| Message-ID: | 3221234.1674772892@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Nathan Bossart <nathandbossart(at)gmail(dot)com> writes:
> On Thu, Jan 26, 2023 at 03:07:43PM -0500, Tom Lane wrote:
>> I think the password case needs to be kept separate, because the
>> conditions for it are different (specifically the exception that
>> you can alter your own password). Lumping the rest together
>> seems OK to me.
> Hm. In v2, the error message for both cases is the same:
> ERROR: permission denied to alter role
> DETAIL: You must have CREATEROLE privilege and ADMIN OPTION on role "regress_priv_user2".
> We could add "to change its attributes" and "to change its password" to
> separate the two, but I'm not sure that adds much. ISTM the current error
> message for ALTER ROLE PASSWORD implies that you can change your own
> password, and that's lost with my patch. Perhaps we should add an
> errhint() with that information instead. WDYT?
Well, it's not a hint. I think the above is fine for non-password
cases, but for passwords maybe
ERROR: permission denied to alter role password
DETAIL: To change another role's password, you must have CREATEROLE privilege and ADMIN OPTION on role "%s".
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2023-01-26 22:50:10 | Re: Something is wrong with wal_compression |
| Previous Message | Tom Lane | 2023-01-26 22:37:05 | Re: suppressing useless wakeups in logical/worker.c |