Home > mailing lists

Re: NULL pg_database.datacl - Mailing list pgsql-general

From	Dominique Devienne
Subject	Re: NULL pg_database.datacl
Date	March 20, 2023 15:50:31
Msg-id	CAFCRh-8o+Mn_KnT5DSVKgfkgFNLNy-3R52VLzVwBeY5EHqYhsw@mail.gmail.com Whole thread Raw
In response to	Re: NULL pg_database.datacl (Erik Wienhold <ewie@ewie.name>)
Responses	Re: NULL pg_database.datacl (Erik Wienhold <ewie@ewie.name>)
List	pgsql-general

Tree view

On Mon, Mar 20, 2023 at 1:18 PM Erik Wienhold <ewie@ewie.name> wrote:

> On 20/03/2023 11:52 CET Dominique Devienne <ddevienne@gmail.com> wrote:
> What does a NULL AclItem[] mean exactly?

It means that the object has default privileges (before any GRANT or REVOKE
is executed). For databases this means full privileges for the database owner
and the CONNECT and TEMPORARY privileges for PUBLIC. So any user can connect
if allowed by pg_hba.conf.

https://www.postgresql.org/docs/current/ddl-priv.html

Thanks Erik. But then, how come aclexplode() is not showing these default/implicit privileges?

Is there a SQL function returning those per-type default provileges?

That I could then coalesce() datacl with?

Or some other means to list actual / effective privileges, even those implicit ones?

Thanks, --DD

ddb=> select datname, grantor::regrole::text, grantee::regrole::text, privilege_type, is_grantable
ddb-> from pg_database
ddb-> left join lateral aclexplode(datacl) on true
ddb-> where datacl is null;
datname | grantor | grantee | privilege_type | is_grantable
---------+---------+---------+----------------+--------------
qadb | | | |

(1 row)

pgsql-general by date:

From: Will Roper
Date: 20 March 2023, 15:46:19
Subject: Logical replication fails when adding multiple replicas

From: Inzamam Shafiq
Date: 20 March 2023, 15:57:51
Subject: Oracle to PostgreSQL Migration

Re: NULL pg_database.datacl - Mailing list pgsql-general

Previous

Next