Message-ID: <91b25e9b-5761-4046-84ef-cb73b5db17e6@dunslane.net>
Date: Fri, 8 May 2026 08:07:38 -0400
Subject: Re: Fix wrong error message from pg_get_tablespace_ddl()
To: Jim Jones, Chao Li, PostgreSQL Hackers
From: Andrew Dunstan
In-Reply-To: <9cc5e7a5-1cbc-4e07-ace4-ad04a8e1a6fe@uni-muenster.de>

On 2026-05-08 Fr 5:20 AM, Jim Jones wrote:
> Hi Chao
>
> On 08/05/2026 10:14, Chao Li wrote:
>> This is easy to reproduce:
>> ```
>> evantest=# set allow_in_place_tablespaces = true;
>> SET
>> evantest=# create role r1;
>> CREATE ROLE
>> evantest=# create tablespace ts1 location '';
>> CREATE TABLESPACE
>> evantest=# revoke select on pg_tablespace from r1;
>> REVOKE
>> evantest=# set role r1;
>> SET
>> evantest=> select * from pg_get_tablespace_ddl('ts1');
>> ERROR:  permission denied for tablespace ts1
>> ```
>>
>> Attached is a simple one-line fix.
>> I did not add a new test, as we usually try to avoid extending the
>> test time for such a small fix. With the fix, the error message now
>> looks like:
>> ```
>> evantest=> select * from pg_get_tablespace_ddl('ts1');
>> ERROR:  permission denied for table pg_tablespace
>> ```
>
> A few comments:
>
> == hardcoded table name ==
>
> Hardcoding "pg_tablespace" looks IMO a bit fragile. What about
> get_rel_name(TableSpaceRelationId) instead?
>
> See get_database_name(dbid) in pg_get_database_ddl_internal().
>
> == similar issue in pg_get_role_ddl_internal ==
>
> If we do this change, we should also address pg_authid to keep the
> code consistent:
>
> /* User must have SELECT privilege on pg_authid. */
> if (pg_class_aclcheck(AuthIdRelationId, GetUserId(), ACL_SELECT) !=
> ACLCHECK_OK)
> {
>   ReleaseSysCache(tuple);
>   ereport(ERROR,
>   (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
>     errmsg("permission denied for role %s", rolname)));
> }
>
> Perhaps something like this instead of the ereport:
>
> aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_TABLE,
> get_rel_name(AuthIdRelationId));
>

I'm not 100% convinced these are in fact wrong. The user asks for the
DDL for a named role or tablespace and we tell them that they don't
have the privilege to get the information for that object. If we tell
them that the problem is that they don't have privilege on the
underlying catalog table, they might think "Well, I didn't ask for
that".

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com