public inbox for [email protected]
help / color / mirror / Atom feedFrom: Andrew Dunstan <[email protected]>
To: Jim Jones <[email protected]>
To: Chao Li <[email protected]>
To: Álvaro Herrera <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: Fix wrong error message from pg_get_tablespace_ddl()
Date: Sun, 10 May 2026 08:53:17 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
On 2026-05-10 Su 7:10 AM, Jim Jones wrote:
> Hi Chao
>
> On 09/05/2026 04:01, Chao Li wrote:
>> Álvaro seems to bring the question to a deeper level, and I feel that
>> might be worth a dedicated discussion. For example, I am not sure
>> ACL_CREATE on the tablespace is enough to imply visibility of the
>> tablespace DDL. My understanding is that CREATE on a tablespace
>> allows the user to create objects within that tablespace, but it does
>> not necessarily mean the user is allowed to inspect the definition of
>> the tablespace itself.
>
>
> Yeah, this is a good point. I don't have a strong opinion about it,
> but I'd be inclined to simply deny access to the DDL if the user does
> not have enough privileges -- at least I wouldn't mind seeing an error
> message in my logs :)
>
>
>> How about keeping the scope of this patch narrow, as only adding a
>> hint to guide users on how to fix the error if they really need to
>> view the DDL of the tablespace? I will start a separate thread for
>> the discussion of the access-checking model.
>>
>> The attached v2 keeps the original error message and adds a hint. I
>> took Jim’s comment about avoiding hardcoding "pg_tablespace”. And I
>> also added a hint in pg_get_role_ddl_internal. With v2, the messages
>> are like:
>> ```
>> evantest=> select * from pg_get_tablespace_ddl('ts1');
>> ERROR: permission denied for tablespace "ts1"
>> HINT: Grant SELECT on catalog "pg_tablespace" to read tablespace
>> properties.
>
>
> I'm not sure that telling unprivileged users to grant themselves
> access to pg_tablespace is an improvement -- IMO, a HINT here is
> supposed to be actionable. Perhaps a DETAIL would be a better fit,
> e.g. "DETAIL: The function requires SELECT privilege on catalog
> "pg_tablespace"."
>
> On top of that, I'm also not sure that replacing the aclcheck_error
> with an ereport just for the hint/detail is an option, since
> aclcheck_error is supposed to provide "Standardized reporting of
> aclcheck permissions failures." (from the aclcheck_error header comment)
>
>
I keep coming back to this point: if the user can access pg_tablespace
they can see the information anyway. This is an informational function,
and there is no implied guarantee that the user is going to be able to
run the supplied DDL. I don't think there's anything to do here.
cheers
andrew
--
Andrew Dunstan
EDB: https://www.enterprisedb.com
view thread (10+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Fix wrong error message from pg_get_tablespace_ddl()
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox