| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken |
| Date: | 2013-04-29 17:50:02 |
| Message-ID: | 517EB2CA.9020205@agliodbs.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> Right. I wonder if there's any good reason why we shouldn't extend
> aclerror() to, in all cases, add a DETAIL line along the lines of
>
> ERROR: permission denied for schema web
> DETAIL: This operation requires role X to have privilege Y.
>
> Is there any scenario where this'd be exposing too much info?
Not that I can think of. The fact that role X doesn't have create on
schema Y isn't exactly privileged info. Further, to make any use of
that information, you'd have to be able to SET ROLE X, in which case you
can just test for yourself if X has CREATE permission.
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fabien COELHO | 2013-04-29 18:08:40 | Re: [PATCH] add --throttle option to pgbench |
| Previous Message | Fabien COELHO | 2013-04-29 17:45:18 | Re: [PATCH] add --throttle option to pgbench |