Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken

Josh Berkus <josh@agliodbs.com> writes:
> On 04/29/2013 09:59 AM, Tom Lane wrote:
>> As I pointed out to you last night, it does already say that.
>> I think the problem here is that we're just throwing a generic
>> permissions failure rather than identifying the particular permission
>> needed.

> Yeah, a better error message would help a lot.  My first thought was
> "WTF?  I'm the superuser, whaddya mean, 'permission denied'"?

Right.  I wonder if there's any good reason why we shouldn't extend
aclerror() to, in all cases, add a DETAIL line along the lines of
ERROR:  permission denied for schema webDETAIL:  This operation requires role X to have privilege Y.

Is there any scenario where this'd be exposing too much info?
        regards, tom lane