Partyka Robert <bobson@saturn.alpha.pl> writes:
> #create table ala(a int4);
> CREATE
> #\z
> Access permissions for database "a"
> Relation | Access permissions
> ----------+--------------------
> ala |
> (1 row)
> #revoke all on ala from public;
> CHANGE
> #\z
> Access permissions for database "a"
> Relation | Access permissions
> ----------+-----------------------
> ala | {"=","postgres=arwR"}
> (1 row)
> hmmm.... is everything work ok ?
Yup, that's the expected behavior. Initially the relacl entry for a new
table is NULL, which the system will interpret as default access rights
(namely, world=no rights, owner=all rights). As soon as you issue a
GRANT or REVOKE, a real ACL gets installed --- which will consist of the
default access rights made explicit and then modified per your GRANT or
REVOKE. At that point you see something in \z, whereas psql doesn't
show anything in \z for a NULL acl entry.
AFAIK it's always worked like that...
regards, tom lane
