Re: Restoring default privileges on objects - Mailing list pgsql-general

From Tom Lane
Subject Re: Restoring default privileges on objects
Date
Msg-id 1006397.1693318485@sss.pgh.pa.us
Whole thread Raw
In response to Re: Restoring default privileges on objects  (Erik Wienhold <ewie@ewie.name>)
Responses Re: Restoring default privileges on objects
List pgsql-general
Erik Wienhold <ewie@ewie.name> writes:
> On 29/08/2023 03:23 CEST Stuart McGraw <smcgraw@mtneva.com> wrote:
>> If I've done a GRANT or REVOKE on some of the tables, how do I restore
>> the default privileges so that the “Access privileges” appears empty
>> again?  I re-granted what I think are the default privileges but the
>> "Access privileges" column for that table contains "user1=arwdDxt/user1"
>> rather than being blank.  This is Postgresql-14.

> Yes, "user1=arwdDxt/user1" matches the default privileges if user1 is the table
> owner.

Right.  There is no (supported) way to cause the ACL entry to go back
to null.  It starts life that way as an ancient hack to save a step
during object creation.  But the moment you do anything to the object's
privileges, the NULL is replaced by an explicit representation of the
default privileges, which is then modified per whatever command you
are giving.  After that the privileges will always be explicit.

There's been occasional discussion of changing this behavior, but
it'd take work and it'd likely add about as much surprise as it
removes.  People have been used to this quirk for a long time.

            regards, tom lane



pgsql-general by date:

Previous
From: Erik Wienhold
Date:
Subject: Re: Restoring default privileges on objects
Next
From: Stuart McGraw
Date:
Subject: Re: Restoring default privileges on objects