improve more permissions-related error messages
This is intended as a follow-up to de4d456 [0]/messages/by-id/20230126002251.GA1506128@nathanxps13. I noticed that c3afe8c
introduced another "must have privileges" error message that I think should
be adjusted to use the new style introduced in de4d456. І've attached a
small patch for this.
While looking around for other such error messages, I found a few dozen
"must be superuser" errors that might be improved with the new style. If
folks feel this is worthwhile, I'll put together a patch.
[0]: /messages/by-id/20230126002251.GA1506128@nathanxps13
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
Attachments:
improve_errmsg.patchtext/x-diff; charset=us-asciiDownload
diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c
index 8b3de032ee..e8b288d01c 100644
--- a/src/backend/commands/subscriptioncmds.c
+++ b/src/backend/commands/subscriptioncmds.c
@@ -611,7 +611,9 @@ CreateSubscription(ParseState *pstate, CreateSubscriptionStmt *stmt,
if (!has_privs_of_role(owner, ROLE_PG_CREATE_SUBSCRIPTION))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("must have privileges of pg_create_subscription to create subscriptions")));
+ errmsg("permission denied to create subscription"),
+ errdetail("Only roles with privileges of the \"%s\" role may create subscriptions.",
+ "pg_create_subscription")));
/*
* Since a subscription is a database object, we also check for CREATE
diff --git a/src/test/regress/expected/subscription.out b/src/test/regress/expected/subscription.out
index d736246259..8b5f657897 100644
--- a/src/test/regress/expected/subscription.out
+++ b/src/test/regress/expected/subscription.out
@@ -79,7 +79,8 @@ ERROR: subscription "regress_testsub" already exists
-- fail - must be superuser
SET SESSION AUTHORIZATION 'regress_subscription_user2';
CREATE SUBSCRIPTION regress_testsub2 CONNECTION 'dbname=regress_doesnotexist' PUBLICATION foo WITH (connect = false);
-ERROR: must have privileges of pg_create_subscription to create subscriptions
+ERROR: permission denied to create subscription
+DETAIL: Only roles with privileges of the "pg_create_subscription" role may create subscriptions.
SET SESSION AUTHORIZATION 'regress_subscription_user';
-- fail - invalid option combinations
CREATE SUBSCRIPTION regress_testsub2 CONNECTION 'dbname=regress_doesnotexist' PUBLICATION testpub WITH (connect = false, copy_data = true);
Nathan Bossart <nathandbossart@gmail.com> writes:
This is intended as a follow-up to de4d456 [0]. I noticed that c3afe8c
introduced another "must have privileges" error message that I think should
be adjusted to use the new style introduced in de4d456. І've attached a
small patch for this.
+1
While looking around for other such error messages, I found a few dozen
"must be superuser" errors that might be improved with the new style. If
folks feel this is worthwhile, I'll put together a patch.
The new style is better for cases where we've broken out a predefined role
that has the necessary privilege. I'm not sure it's worth troubling
with cases that are still just "must be superuser". It seems like
you'd mostly just be creating work for the translation team.
regards, tom lane
On Fri, May 12, 2023 at 04:43:08PM -0400, Tom Lane wrote:
Nathan Bossart <nathandbossart@gmail.com> writes:
While looking around for other such error messages, I found a few dozen
"must be superuser" errors that might be improved with the new style. If
folks feel this is worthwhile, I'll put together a patch.The new style is better for cases where we've broken out a predefined role
that has the necessary privilege. I'm not sure it's worth troubling
with cases that are still just "must be superuser". It seems like
you'd mostly just be creating work for the translation team.
Makes sense, thanks.
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com