Re: Fix wrong error message from pg_get_tablespace_ddl()

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Álvaro Herrera <[email protected]>
To: Jim Jones <[email protected]>
Cc: Andrew Dunstan <[email protected]>
Cc: Chao Li <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: Fix wrong error message from pg_get_tablespace_ddl()
Date: Fri, 8 May 2026 19:20:04 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>

On 2026-May-08, Jim Jones wrote:

> It depends on what we expect from the error message. If its purpose is
> simply to tell the user "you can't access this object," the current message
> is totally fine. If, however, the goal is to show the error's root cause, it
> could be a bit misleading.

Hmm, the idea in my mind was that if SELECT from the catalog is
revoked, but the user does have a grant on the tablespace that lets them
read the DDL, then they should be able to obtain the CREATE statement
for it even though they cannot read the properties from the catalog
directly.  The current coding does not seem to do that, but instead
it refuses to produce the DDL.  Is this really what we want?

Although tablespaces may be special in that only superusers can "own"
them anyway.

TBH I'm undecided about how this should work.  If somebody has
ACL_CREATE on a certain tablespace, should she be able to know what the
spcoptions are, for instance?  What about a database owner whose default
tablespace is that one?  Maybe we'd hide the location unless superuser,
and show the rest ...?

-- 
Álvaro Herrera         PostgreSQL Developer  —  https://www.EnterpriseDB.com/
"This is a foot just waiting to be shot"                (Andrew Dunstan)

view thread (10+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Fix wrong error message from pg_get_tablespace_ddl()
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox