> Right. I wonder if there's any good reason why we shouldn't extend > aclerror() to, in all cases, add a DETAIL line along the lines of > > ERROR: permission denied for schema web > DETAIL: This operation requires role X to have privilege Y. > > Is there any scenario where this'd be exposing too much info?
Not that I can think of. The fact that role X doesn't have create on schema Y isn't exactly privileged info. Further, to make any use of that information, you'd have to be able to SET ROLE X, in which case you can just test for yourself if X has CREATE permission. -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers