Re: Row security violation error is misleading

* Kevin Grittner (kgrittn@ymail.com) wrote:
> Dean Rasheed <dean.a.rasheed@gmail.com> wrote:
>
> >> Re-using the SQLSTATE 44000 is a bit iffy too. We should
> >> probably define something to differentiate this, like:
> >>
> >>    44P01 ROW SECURITY WRITE POLICY VIOLATION
> >
> > Yes, that sounds sensible.
>
> I would be more inclined to use:
>
> 42501  ERRCODE_INSUFFICIENT_PRIVILEGE
>
> I know this is used 173 other places where a user attempts to do
> something they are not authorized to do, so you would not be able
> to differentiate the specific cause based on SQLSTATE if this is
> used -- but why don't we feel that way about the other 173 causes?
> Why does this security violation require a separate SQLSTATE?

I tend to agree with this and it feels more consistent.  SQLSTATE is
already a very generic response system and knowing that it's a policy
violation instead of a GRANT violations strikes me as unlikely to be
terribly interesting at the level where you're just looking at the
SQLSTATE code.
Thanks!
    Stephen