git.postgresql.org Git - postgresql.git/commitdiff

diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c

index d63d3c58ca8db9976bb204123c6d595270e541fa..6b42d4fc34a7315c0f74bb042f2eb5386367d489 100644 (file)

--- a/src/backend/commands/user.c

+++ b/src/backend/commands/user.c

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("permission denied to create role"),

- errdetail("Only roles with the %s attribute may create roles with %s.",

+ errdetail("Only roles with the %s attribute may create roles with the %s attribute.",

"SUPERUSER", "SUPERUSER")));

if (createdb && !have_createdb_privilege())

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("permission denied to create role"),

- errdetail("Only roles with the %s attribute may create roles with %s.",

+ errdetail("Only roles with the %s attribute may create roles with the %s attribute.",

"CREATEDB", "CREATEDB")));

if (isreplication && !has_rolreplication(currentUserId))

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("permission denied to create role"),

- errdetail("Only roles with the %s attribute may create roles with %s.",

+ errdetail("Only roles with the %s attribute may create roles with the %s attribute.",

"REPLICATION", "REPLICATION")));

if (bypassrls && !has_bypassrls_privilege(currentUserId))

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("permission denied to create role"),

- errdetail("Only roles with the %s attribute may create roles with %s.",

+ errdetail("Only roles with the %s attribute may create roles with the %s attribute.",

"BYPASSRLS", "BYPASSRLS")));

}

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("permission denied to alter role"),

- errdetail("Only roles with the %s attribute may alter roles with %s.",

+ errdetail("Only roles with the %s attribute may alter roles with the %s attribute.",

"SUPERUSER", "SUPERUSER")));

if (!superuser() && dissuper)

ereport(ERROR,

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("permission denied to alter role"),

- errdetail("Only roles with the %s attribute may alter roles with %s.",

+ errdetail("Only roles with the %s attribute may alter roles with the %s attribute.",

"SUPERUSER", "SUPERUSER")));

}

else

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("permission denied to drop role"),

- errdetail("Only roles with the %s attribute may drop roles with %s.",

+ errdetail("Only roles with the %s attribute may drop roles with the %s attribute.",

"SUPERUSER", "SUPERUSER")));

if (!is_admin_of_role(GetUserId(), roleid))

ereport(ERROR,

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("permission denied to rename role"),

- errdetail("Only roles with the %s attribute may rename roles with %s.",

+ errdetail("Only roles with the %s attribute may rename roles with the %s attribute.",

"SUPERUSER", "SUPERUSER")));

}

else

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("permission denied to grant role \"%s\"",

GetUserNameFromId(roleid, false)),

- errdetail("Only roles with the %s attribute may grant roles with %s.",

+ errdetail("Only roles with the %s attribute may grant roles with the %s attribute.",

"SUPERUSER", "SUPERUSER")));

else

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("permission denied to revoke role \"%s\"",

GetUserNameFromId(roleid, false)),

- errdetail("Only roles with the %s attribute may revoke roles with %s.",

+ errdetail("Only roles with the %s attribute may revoke roles with the %s attribute.",

"SUPERUSER", "SUPERUSER")));

}

}

diff --git a/src/backend/storage/ipc/signalfuncs.c b/src/backend/storage/ipc/signalfuncs.c

index eabb68a9e17cd594467ce3a463b95b89ed7fa96e..94ae553b9461857c939b6c6de4316838760da1a5 100644 (file)

--- a/src/backend/storage/ipc/signalfuncs.c

+++ b/src/backend/storage/ipc/signalfuncs.c

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("permission denied to cancel query"),

- errdetail("Only roles with the %s attribute may cancel queries of roles with %s.",

+ errdetail("Only roles with the %s attribute may cancel queries of roles with the %s attribute.",

"SUPERUSER", "SUPERUSER")));

if (r == SIGNAL_BACKEND_NOPERMISSION)

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

errmsg("permission denied to terminate process"),

- errdetail("Only roles with the %s attribute may terminate processes of roles with %s.",

+ errdetail("Only roles with the %s attribute may terminate processes of roles with the %s attribute.",

"SUPERUSER", "SUPERUSER")));

if (r == SIGNAL_BACKEND_NOPERMISSION)

diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c

index 561bd13ed24d8d1171f5ddd75f20346831c2cbd0..0f9b92b32ebdd01364d3a1d523bd1e23abf5d512 100644 (file)

--- a/src/backend/utils/init/postinit.c

+++ b/src/backend/utils/init/postinit.c

if (nfree < SuperuserReservedConnections)

ereport(FATAL,

(errcode(ERRCODE_TOO_MANY_CONNECTIONS),

- errmsg("remaining connection slots are reserved for roles with %s",

+ errmsg("remaining connection slots are reserved for roles with the %s attribute",

"SUPERUSER")));

if (!has_privs_of_role(GetUserId(), ROLE_PG_USE_RESERVED_CONNECTIONS))

diff --git a/src/test/regress/expected/create_role.out b/src/test/regress/expected/create_role.out

index 5526e34a7f446053b4c825c8cb59304fcbc8ed63..7117e943c2096a32d5832cba7e0b9f86838066ca 100644 (file)

--- a/src/test/regress/expected/create_role.out

+++ b/src/test/regress/expected/create_role.out

SET SESSION AUTHORIZATION regress_role_limited_admin;

CREATE ROLE regress_nosuch_superuser SUPERUSER;

ERROR: permission denied to create role

-DETAIL: Only roles with the SUPERUSER attribute may create roles with SUPERUSER.

+DETAIL: Only roles with the SUPERUSER attribute may create roles with the SUPERUSER attribute.

CREATE ROLE regress_nosuch_replication_bypassrls REPLICATION BYPASSRLS;

ERROR: permission denied to create role

-DETAIL: Only roles with the REPLICATION attribute may create roles with REPLICATION.

+DETAIL: Only roles with the REPLICATION attribute may create roles with the REPLICATION attribute.

CREATE ROLE regress_nosuch_replication REPLICATION;

ERROR: permission denied to create role

-DETAIL: Only roles with the REPLICATION attribute may create roles with REPLICATION.

+DETAIL: Only roles with the REPLICATION attribute may create roles with the REPLICATION attribute.

CREATE ROLE regress_nosuch_bypassrls BYPASSRLS;

ERROR: permission denied to create role

-DETAIL: Only roles with the BYPASSRLS attribute may create roles with BYPASSRLS.

+DETAIL: Only roles with the BYPASSRLS attribute may create roles with the BYPASSRLS attribute.

CREATE ROLE regress_nosuch_createdb CREATEDB;

ERROR: permission denied to create role

-DETAIL: Only roles with the CREATEDB attribute may create roles with CREATEDB.

+DETAIL: Only roles with the CREATEDB attribute may create roles with the CREATEDB attribute.

-- ok, can create a role without any special attributes

CREATE ROLE regress_role_limited;

-- fail, can't give it in any of the restricted attributes

-- fail, cannot grant membership in superuser role

CREATE ROLE regress_nosuch_super IN ROLE regress_role_super;

ERROR: permission denied to grant role "regress_role_super"

-DETAIL: Only roles with the SUPERUSER attribute may grant roles with SUPERUSER.

+DETAIL: Only roles with the SUPERUSER attribute may grant roles with the SUPERUSER attribute.

-- fail, database owner cannot have members

CREATE ROLE regress_nosuch_dbowner IN ROLE pg_database_owner;

ERROR: role "pg_database_owner" cannot have explicit members

-- fail, cannot drop ourself, nor superusers or roles we lack ADMIN for

DROP ROLE regress_role_super;

ERROR: permission denied to drop role

-DETAIL: Only roles with the SUPERUSER attribute may drop roles with SUPERUSER.

+DETAIL: Only roles with the SUPERUSER attribute may drop roles with the SUPERUSER attribute.

DROP ROLE regress_role_admin;

ERROR: current user cannot be dropped

DROP ROLE regress_rolecreator;