Re: superuser() shortcuts

* Andres Freund (andres(at)2ndquadrant(dot)com) wrote:
> On 2014-11-26 10:18:20 -0500, Stephen Frost wrote:
> > * Andres Freund (andres(at)2ndquadrant(dot)com) wrote:
> > > I don't see how you read the contrary from the guidelines:
> > > > The primary message should be short, factual, and avoid reference to
> > > > implementation details such as specific function names. "Short" means
> > > > "should fit on one line under normal conditions". Use a detail message
> > > > if needed to keep the primary message short, or if you feel a need to
> > > > mention implementation details such as the particular system call that
> > > > failed. Both primary and detail messages should be factual. Use a hint
> > > > message for suggestions about what to do to fix the problem, especially
> > > > if the suggestion might not always be applicable. It's quite common
> > > > that you'll only see the actual error message in logs and displayed
> > > > error messages.
> >
> > Having to be the owner of a relation to TRUNCATE it was an
> > implementation detail, and one which changed back in 2008.
> >
> > Needing to have the replication role attribute is an implementation
> > detail. It's not the error- the error is *permission denied to do X*.
>
> That's just plain absurd. If the user needs to explicitly configure that
> permission it's damned sure not just a implementation detail.

The implementation detail is that it's not part of the normal
GRANT/REVOKE privilege system, which is why it's useful to note it in
the detail and why we don't need to add an errdetail along the lines of
'You must have SELECT rights on relation X to SELECT from it'.

Thanks,

Stephen