Re: SET ROLE and reserved roles

Amit,

* Amit Langote (Langote_Amit_f8@lab.ntt.co.jp) wrote:
> On 2016/04/14 2:10, Stephen Frost wrote:
> >> Amit Langote <Langote_Amit_f8@lab.ntt.co.jp <javascript:;>> writes:
> >>> I observe this:
> >>
> >>> postgres=# SET ROLE TO NONE;
> >>> SET
> >>> postgres=# SET ROLE TO nonexistent;
> >>> ERROR:  role "nonexistent" does not exist
> >>> postgres=# SET ROLE TO pg_signal_backend;
> >>> ERROR:  invalid value for parameter "role": "pg_signal_backend"
> >>
> >>> Is that behavior deliberate? Might it be better to handle the case
> >>> specially much as setting to "none" works?
> >
> > I don't think it makes sense to say the role doesn't exist when it does, in
> > fact, exist.
>
> Sorry, I didn't mean to say that we should error with "<reserved-role>
> does not exist" on such SET ROLE attempts.  Like Michael, I was a bit
> surprised to find that it output "invalid value for parameter".

No problem.  I realized that when I read your email, but when I was
added to the CC (which results in the email showing up on my phone,
where I had been responding from earlier), I only saw the subset which
was quoted.  Your comments make more sense now that I've caught up on
-hackers email.

> So, if consensus emerges that we should indeed disallow SET ROLE
> <reserved-role-spec>, I would +1 Michael's proposed GUC_check_err*()-based
> patch.

I've not looked it over carefully, but I generally agree with improving
the error messages.

Thanks!

Stephen