| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Misleading error "permission denied for table" |
| Date: | 2024-10-16 16:12:53 |
| Message-ID: | Zw_mBY348l0zhhsL@nathan |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Oct 16, 2024 at 07:36:29PM +0530, Ashutosh Bapat wrote:
> In privileges.sql there are tests for column level privileges e.g.
>
> INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set
> three = 10 RETURNING atest5.three;
> ERROR: permission denied for table atest5
>
> In the above case the current user regress_priv_user4, doesn't have
> privileges to access atest5.three. But the error does not mention
> atest5.three anywhere. In fact, if the same query were to be changed
> to return atest5.four, it would succeed since the user has privileges
> to access column atest5.four.
>
> Shouldn't we report "permission defined for column atest5.three?
We do have "permission denied for column" messages in aclchk.c (e.g.,
aclcheck_error_col()), but I don't see them actually used anywhere (or at
least they don't show up in any expected regression test output). I'm
inclined to agree that a more specific error would be nice, but I worry
there's some hidden complexity that's prevented it thus far...
--
nathan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Shayon Mukherjee | 2024-10-16 16:19:47 | Re: Proposal to Enable/Disable Index using ALTER INDEX (with patch) |
| Previous Message | Jacob Champion | 2024-10-16 16:04:50 | Re: New "raw" COPY format |