Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wLHNi-001fuf-33
	for pgsql-hackers@arkaria.postgresql.org;
	Fri, 08 May 2026 09:20:27 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wLHNh-008zMO-2s
	for pgsql-hackers@arkaria.postgresql.org;
	Fri, 08 May 2026 09:20:25 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <jim.jones@uni-muenster.de>)
	id 1wLHNh-008zMF-1o
	for pgsql-hackers@lists.postgresql.org;
	Fri, 08 May 2026 09:20:25 +0000
Received: from udcm-wwu2.uni-muenster.de ([128.176.118.28])
	by magus.postgresql.org with esmtps  (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <jim.jones@uni-muenster.de>)
	id 1wLHNf-00000001Cm8-1pHY
	for pgsql-hackers@lists.postgresql.org;
	Fri, 08 May 2026 09:20:25 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
  d=uni-muenster.de; i=@uni-muenster.de; q=dns/txt;
  s=uniout; t=1778232024; x=1809768024;
  h=message-id:date:mime-version:subject:to:references:from:
   in-reply-to:content-transfer-encoding;
  bh=obuSk+sZefdkaUqqXo78jLexQzbk3VKcS3O9Yw8+lOI=;
  b=bEnXZ1d3T7jw40cpttJ9AW3XkigM712ATsmjNdeXIIOK5xsoXoHs8Nqk
   6DufN9CBnbIR/XbOI8D2OpsiEYMQbAZEyug/SVzpf+YwkFpSSQmnV0KqB
   BkTwOgb93bZLpG6MQkquYF13ynpwjZvP0YYNlF5JTQJo5xvt7QSN3vGnu
   AXg/SP26JnHZLTlXBhhTHC6yQIlsFejCQobYzRaM/99NXOZqb0hjnCanp
   xMR7LoceHjO2o5RP+JmfDxifdLkTu+rtv2Q/kZB/lM6oqp+aBO6IDZ8PW
   OH0MnHzC8Y5Rwz32iAu3fU7mViSDIl5cQ8+cLRGB5qwGM1jrMGLR04Zn/
   w==;
X-CSE-ConnectionGUID: Qf1BRSgfR9CtLib5D+ZNng==
X-CSE-MsgGUID: iMRW+frNQ8aWNPcwQXlcPA==
X-IronPort-AV: E=Sophos;i="6.23,223,1770591600";
   d="scan'208";a="393512585"
Received: from secmail.uni-muenster.de ([128.176.118.4])
  by UDCM-RELAY2.UNI-MUENSTER.DE with ESMTP; 08 May 2026 11:20:23 +0200
Received: from [192.168.178.49]
 (dynamic-093-131-101-118.93.131.pool.telefonica.de [93.131.101.118])
	by SECMAIL.UNI-MUENSTER.DE (Postfix) with ESMTPSA id DCF0120ADF02;
	Fri,  8 May 2026 11:20:21 +0200 (CEST)
Message-ID: <9cc5e7a5-1cbc-4e07-ace4-ad04a8e1a6fe@uni-muenster.de>
Date: Fri, 8 May 2026 11:20:20 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Fix wrong error message from pg_get_tablespace_ddl()
To: Chao Li <li.evan.chao@gmail.com>,
 PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
References: <53D05145-CE87-424F-A492-BB22A09BBE11@gmail.com>
Content-Language: en-US, de-DE
From: Jim Jones <jim.jones@uni-muenster.de>
In-Reply-To: <53D05145-CE87-424F-A492-BB22A09BBE11@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/9cc5e7a5-1cbc-4e07-ace4-ad04a8e1a6fe%40uni-muenster.de>
Precedence: bulk

Hi Chao

On 08/05/2026 10:14, Chao Li wrote:
> This is easy to reproduce:
> ```
> evantest=# set allow_in_place_tablespaces = true;
> SET
> evantest=# create role r1;
> CREATE ROLE
> evantest=# create tablespace ts1 location '';
> CREATE TABLESPACE
> evantest=# revoke select on pg_tablespace from r1;
> REVOKE
> evantest=# set role r1;
> SET
> evantest=> select * from pg_get_tablespace_ddl('ts1');
> ERROR:  permission denied for tablespace ts1
> ```
> 
> Attached is a simple one-line fix. Attached is a simple one-line fix. I did not add a new test, as we usually try to avoid extending the test time for such a small fix. With the fix, the error message now looks like:
> ```
> evantest=> select * from pg_get_tablespace_ddl('ts1');
> ERROR:  permission denied for table pg_tablespace
> ```

A few comments:

== hardcoded table name ==

Hardcoding "pg_tablespace" looks IMO a bit fragile. What about
get_rel_name(TableSpaceRelationId) instead?

See get_database_name(dbid) in pg_get_database_ddl_internal().

== similar issue in pg_get_role_ddl_internal ==

If we do this change, we should also address pg_authid to keep the code 
consistent:

/* User must have SELECT privilege on pg_authid. */
if (pg_class_aclcheck(AuthIdRelationId, GetUserId(), ACL_SELECT) != 
ACLCHECK_OK)
{
   ReleaseSysCache(tuple);
   ereport(ERROR,
   (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
	errmsg("permission denied for role %s", rolname)));
}

Perhaps something like this instead of the ereport:

aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_TABLE, 
get_rel_name(AuthIdRelationId));

Thanks!

Best, Jim