Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view
From | Bruce Momjian |
---|---|
Subject | Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view |
Date | |
Msg-id | ZfO0GvqLn7Xb7sgq@momjian.us |
In response to | Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-bugs |

On Wed, Mar 13, 2024 at 02:32:55PM -0400, Tom Lane wrote:
> I think there's been a policy of being minimalistic on
> permission-denied errors to avoid giving away security information,
> but I'm not sure how much sense that really makes. We already show
> the specific object that didn't have permissions. I think it would
> be good for these errors to also mention the specific role whose
> permissions were checked. Perhaps also show the specific privileges
> that were missing --- although it might be hard to do that in a
> non-confusing way for complicated cases, such as queries that are
> valid if you have either table- or column-level permissions.
>
> If we just add the role I'd envision
>
> ERROR: permission denied to role "foo" for [object]
>
> although with any more detail that would get too long.
> Another way could be
>
> ERROR: permission denied for [object]
> DETAIL: Role "foo" lacks permission [permission].
>
> Mentioning the role that was checked should address the concern
> of "I'm a superuser, why did I get this error?". However,
> fixing it requires knowing which privilege to grant. I'm not
> sure if that's always obvious.

If we don't want to expand the error, and I can see why we might not want to, giving the detailed error only for the superuser would be safe, I think, since they are already the superuser.

Personal note: my son Matthew got this error when using photoview software, and I was confused why the superuser was getting a permission error.

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com

Only you can decide what is important to you.