diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml index 4331beb..cea674e 100644 *** a/doc/src/sgml/func.sgml --- b/doc/src/sgml/func.sgml *************** SELECT has_function_privilege('joeuser', *** 16893,16898 **** --- 16893,17032 ---- be specified by name or by OID. + + shows functions to + manage the aclitem type, the internal representation of access + privileges. + An aclitem entry describes the permissions of a grantee, + whether they are grantable or not, and which grantor granted them. + For instance, calvin=r*w/hobbes tells that + role calvin has + grantable privilege SELECT (r*) + and non-grantable privilege UPDATE (w) + granted by role hobbes. + An empty grantee stands for PUBLIC. + + + + <type>aclitem</type> Management Functions + + + Name Return Type Description + + + + acldefault(type, + ownerId) + aclitem[] + get the hardcoded default access privileges for an object belonging to ownerId + + + aclinsert(aclitem[], aclitem) + aclitem[] + add element aclitem to aclitem[] array + + + aclremove(aclitem[], aclitem) + aclitem[] + remove element aclitem from aclitem[] array + + + aclitemeq(aclitem1, aclitem2) + boolean + test whether two aclitem elements are equal + + + aclcontains(aclitem[], aclitem) + boolean + test whether element aclitem is contained within aclitem[] array + + + aclexplode(aclitem[]) + setof record + get aclitem array as tuples + + + makeaclitem(grantee, grantor, privilege, grantable) + aclitem + build an aclitem from input + + + +
+ + + aclitem + + + acldefault + + + aclinsert + + + aclremove + + + aclitemeq + + + aclcontains + + + aclexplode + + + makeaclitem + + + + acldefault returns the hardcoded default access privileges + for an object of type belonging to role ownerId. + Notice that these are used in the absence of any pg_default_acl + () entry. Default access privileges are described in + and can be overwritten with + . In other words, this function will return + results which may be misleading when the defaults have been overridden. + Type is a CHAR, use + 'c' for COLUMN, + 'r' for relation-like objects such as TABLE or VIEW, + 's' for SEQUENCE, + 'd' for DATABASE, + 'f' for FUNCTION or PROCEDURE, + 'l' for LANGUAGE, + 'L' for LARGE OBJECT, + 'n' for SCHEMA, + 't' for TABLESPACE, + 'F' for FOREIGN DATA WRAPPER, + 'S' for FOREIGN SERVER, + 'T' for TYPE or DOMAIN. + + + + aclinsert and aclremove + allow to insertion/removal of a privilege described by an + aclitem into/from an array of aclitem. + + + + aclitemeq checks for equality of two + aclitem elements. + + + + aclcontains checks if an aclitem + element is present in an array of aclitem. + + + + aclexplode returns an aclitem array + as a set rows. Output columns are grantor oid, + grantee oid (0 for PUBLIC), + granted privilege as text (SELECT, ...) + and whether the prilivege is grantable as boolean. + makeaclitem performs the inverse operation. + + shows functions that determine whether a certain object is visible in the 
diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c index a45e093..d5285e2 100644 *** a/src/backend/utils/adt/acl.c --- b/src/backend/utils/adt/acl.c *************** acldefault(ObjectType objtype, Oid owner *** 855,862 **** /* * SQL-accessible version of acldefault(). Hackish mapping from "char" type to ! * OBJECT_* values, but it's only used in the information schema, not ! * documented for general use. */ Datum acldefault_sql(PG_FUNCTION_ARGS) --- 855,861 ---- /* * SQL-accessible version of acldefault(). Hackish mapping from "char" type to ! * OBJECT_* values. */ Datum acldefault_sql(PG_FUNCTION_ARGS)
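Review bot: In the func.sgml hunk, the closing aclexplode paragraph says makeaclitem "performs the inverse operation", but aclexplode takes an aclitem[] and returns a set of rows, while the table in the same hunk has makeaclitem building a single aclitem, so it is the inverse only for one row at a time. Say so explicitly, and point out that the table gives the arguments as (grantee, grantor, privilege, grantable) while the aclexplode output columns are listed grantor first. The acldefault paragraph says the defaults "can be overwritten" and then "have been overridden"; pick one term. The caveat that its result may be misleading once defaults have been changed is what a reader auditing privileges most needs, so it is worth setting apart from the list of type codes. Wording slips to fix in the same paragraphs: "allow to insertion/removal", "as a set rows", and "prilivege".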
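Review bot: In the acl.c hunk, the shortened comment above acldefault_sql() still calls the "char" to OBJECT_* mapping "Hackish", although the func.sgml part of this patch now documents those type codes for general use. Either drop "Hackish" or replace the removed sentence with one saying that the codes are documented in func.sgml and must be kept in sync with that list. The documentation added by this patch also does not say what the function does for a type char outside the listed codes; since the function is no longer described as internal to the information schema, that behaviour should be stated there.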