-rw-r--r-- | doc/src/sgml/ref/grant.sgml | 20 | ||||
-rw-r--r-- | src/backend/utils/adt/acl.c | 4 |
2 files changed, 18 insertions, 6 deletions
diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml index 8f385f6bb75..385cfe6a9ca 100644 --- a/doc/src/sgml/ref/grant.sgml +++ b/doc/src/sgml/ref/grant.sgml @@ -156,12 +156,22 @@ GRANT <replaceable class="parameter">role_name</replaceable> [, ...] TO <replace <para> PostgreSQL grants default privileges on some types of objects to <literal>PUBLIC</literal>. No privileges are granted to - <literal>PUBLIC</literal> by default on tables, - columns, schemas or tablespaces. For other types, the default privileges + <literal>PUBLIC</literal> by default on + tables, + table columns, + sequences, + foreign data wrappers, + foreign servers, + large objects, + schemas, + or tablespaces. + For other types of objects, the default privileges granted to <literal>PUBLIC</literal> are as follows: - <literal>CONNECT</literal> and <literal>CREATE TEMP TABLE</literal> for - databases; <literal>EXECUTE</literal> privilege for functions; and - <literal>USAGE</literal> privilege for languages. + <literal>CONNECT</literal> and <literal>TEMPORARY</literal> (create + temporary tables) privileges for databases; + <literal>EXECUTE</literal> privilege for functions; and + <literal>USAGE</literal> privilege for languages and data types + (including domains). The object owner can, of course, <command>REVOKE</command> both default and expressly granted privileges. (For maximum security, issue the <command>REVOKE</> in the same transaction that diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c index 0c26e44d820..fa6b792d008 100644 --- a/src/backend/utils/adt/acl.c +++ b/src/backend/utils/adt/acl.c 
@@ -737,7 +737,9 @@ hash_aclitem_extended(PG_FUNCTION_ARGS)
 * acldefault() --- create an ACL describing default access permissions
 *
 * Change this routine if you want to alter the default access policy for
- * newly-created objects (or any object with a NULL acl entry).
+ * newly-created objects (or any object with a NULL acl entry). When
+ * you make a change here, don't forget to update the GRANT man page,
+ * which explains all the default permissions.
 *
 * Note that these are the hard-wired "defaults" that are used in the
 * absence of any pg_default_acl entry. |
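Review bot: The reminder added to the acldefault() header comment points at "the GRANT man page" without naming its source file, so the cross-reference cannot be found by searching for a path; naming it, e.g. `* you make a change here, also update doc/src/sgml/ref/grant.sgml,`, would tie the two together. The PUBLIC defaults described there are what an administrator relies on when deciding which privileges to REVOKE, so if code and documentation drift apart, default grants could stay in place without anyone being aware of them. The body of acldefault() lies outside this hunk, so whether the list in grant.sgml now matches the hard-wired defaults cannot be confirmed from here and is worth checking against the function.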