On 8 April 2015 at 16:27, Stephen Frost <sfr...@snowman.net> wrote: > * Dean Rasheed (dean.a.rash...@gmail.com) wrote: >> I actually re-used the sql status code 42501 - >> ERRCODE_INSUFFICIENT_PRIVILEGE for a RLS check failure because of the >> parallel with permissions checks, but I quite like Craig's idea of >> inventing a new status code for this, so that it can be more easily >> distinguished from a lack of GRANTed privileges. > > As I mentioned to Kevin, I'm not sure that this is really a useful > distinction. I'm quite curious if other systems provide that > distinction between grant violations and policy violations. If they do > then that would certainly bolster the argument to provide the > distinction in PG. >
OK, on further reflection I think that's probably right. ERRCODE_INSUFFICIENT_PRIVILEGE is certainly more appropriate than anything based on a WCO violation, because it reflects the fact that the current user isn't allowed to perform the insert/update, but another user might be allowed, so this is a privilege problem, not a data error. Regards, Dean -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers