Re: superuser() shortcuts

Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> writes:
> Stephen Frost wrote:
>> * Andres Freund (andres(at)2ndquadrant(dot)com) wrote:
>>> On 2014-11-26 08:33:10 -0500, Stephen Frost wrote:
>>>> Doesn't that argument then apply to the other messages which I pointed
>>>> out in my follow-up to Andres, where the detailed info is in the hint
>>>> and the main error message is essentially 'permission denied'?

>> The more I consider this and review the error message reporting policy,
>> the more I feel that the original coding was wrong and that this change
>> *is* the correct one to make.

> +1. I don't care for the idea of "not moving from main error message to
> errdetail" -- the rationale seems to be that errdetail might be hidden,
> lost, or otherwise not read by the user; if that is so, why do we have
> errdetail in the first place? We might as well just move all the
> errdetails into the main message, huh?

I might be overlooking some corner case, but most of our permission-type
error messages are not just "permission denied" full stop; they're more
like "permission denied for <object>". So I think it'd be sensible for
the main error message to be something like "permission denied for
replication", and then additional info in errdetail if that seems
warranted. But "permission denied" all by itself seems too vague
to be useful --- even the simplest SQL command usually has multiple
ways that it could conceivably trip over a permissions restriction.
The concept of errdetail has always been "extra info that might be
helpful", not "information you *must* have to have any hope of
understanding the problem".

In the context at hand, I think most of the messages in question are
currently phrased like "must be superuser to do X". I'd be fine with
changing that to "permission denied to do X", but not to just
"permission denied".

regards, tom lane