Improve error messages around REPLICATION and BYPASSRLS properties.

tglsfdc · tglsfdc · commit 17fb60387ce3 · 2020-11-03T15:49:05.000-05:00
Clarify wording as per suggestion from Wolfgang Walther. No back-patch; this doesn't seem worth thrashing translatable strings in the back branches. Tom Lane and Stephen Frost Discussion: https://postgr.es/m/a5548a9f-89ee-3167-129d-162b5985fcf8@technowledgy.de
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
@@ -305,7 +305,7 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
 		if (!superuser())
 			ereport(ERROR,
 					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
-					 errmsg("must be superuser to change bypassrls attribute")));
+					 errmsg("must be superuser to create bypassrls users")));
 	}
 	else
 	{
@@ -719,14 +719,14 @@ AlterRole(AlterRoleStmt *stmt)
 		if (!superuser())
 			ereport(ERROR,
 					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
-					 errmsg("must be superuser to alter superusers")));
+					 errmsg("must be superuser to alter superuser roles or change superuser attribute")));
 	}
 	else if (authform->rolreplication || isreplication >= 0)
 	{
 		if (!superuser())
 			ereport(ERROR,
 					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
-					 errmsg("must be superuser to alter replication users")));
+					 errmsg("must be superuser to alter replication roles or change replication attribute")));
 	}
 	else if (bypassrls >= 0)
 	{

Original file line number	Diff line number	Diff line change
`@@ -305,7 +305,7 @@ CreateRole(ParseState pstate, CreateRoleStmt stmt)`
`305`	`305`	`if (!superuser())`
`306`	`306`	`ereport(ERROR,`
`307`	`307`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`308`		`- errmsg("must be superuser to change bypassrls attribute")));`
	`308`	`+ errmsg("must be superuser to create bypassrls users")));`
`309`	`309`	`}`
`310`	`310`	`else`
`311`	`311`	`{`
`@@ -719,14 +719,14 @@ AlterRole(AlterRoleStmt *stmt)`
`719`	`719`	`if (!superuser())`
`720`	`720`	`ereport(ERROR,`
`721`	`721`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`722`		`- errmsg("must be superuser to alter superusers")));`
	`722`	`+ errmsg("must be superuser to alter superuser roles or change superuser attribute")));`
`723`	`723`	`}`
`724`	`724`	`else if (authform->rolreplication \|\| isreplication >= 0)`
`725`	`725`	`{`
`726`	`726`	`if (!superuser())`
`727`	`727`	`ereport(ERROR,`
`728`	`728`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`729`		`- errmsg("must be superuser to alter replication users")));`
	`729`	`+ errmsg("must be superuser to alter replication roles or change replication attribute")));`
`730`	`730`	`}`
`731`	`731`	`else if (bypassrls >= 0)`
`732`	`732`	`{`