Summary of Access Privileges for Various Object Types and Understanding ACL Items

<row> <entry><literal>FUNCTION</literal> or <literal>PROCEDURE</literal></entry> <entry><literal>X</literal></entry> <entry><literal>X</literal></entry> <entry><literal>\df+</literal></entry> </row> <row> <entry><literal>FOREIGN DATA WRAPPER</literal></entry> <entry><literal>U</literal></entry> <entry>none</entry> <entry><literal>\dew+</literal></entry> </row> <row> <entry><literal>FOREIGN SERVER</literal></entry> <entry><literal>U</literal></entry> <entry>none</entry> <entry><literal>\des+</literal></entry> </row> <row> <entry><literal>LANGUAGE</literal></entry> <entry><literal>U</literal></entry> <entry><literal>U</literal></entry> <entry><literal>\dL+</literal></entry> </row> <row> <entry><literal>LARGE OBJECT</literal></entry> <entry><literal>rw</literal></entry> <entry>none</entry> <entry><literal>\dl+</literal></entry> </row> <row> <entry><literal>PARAMETER</literal></entry> <entry><literal>sA</literal></entry> <entry>none</entry> <entry><literal>\dconfig+</literal></entry> </row> <row> <entry><literal>SCHEMA</literal></entry> <entry><literal>UC</literal></entry> <entry>none</entry> <entry><literal>\dn+</literal></entry> </row> <row> <entry><literal>SEQUENCE</literal></entry> <entry><literal>rwU</literal></entry> <entry>none</entry> <entry><literal>\dp</literal></entry> </row> <row> <entry><literal>TABLE</literal> (and table-like objects)</entry> <entry><literal>arwdDxtm</literal></entry> <entry>none</entry> <entry><literal>\dp</literal></entry> </row> <row> <entry>Table column</entry> <entry><literal>arwx</literal></entry> <entry>none</entry> <entry><literal>\dp</literal></entry> </row> <row> <entry><literal>TABLESPACE</literal></entry> <entry><literal>C</literal></entry> <entry>none</entry> <entry><literal>\db+</literal></entry> </row> <row> <entry><literal>TYPE</literal></entry> <entry><literal>U</literal></entry> <entry><literal>U</literal></entry> <entry><literal>\dT+</literal></entry> </row> </tbody> </tgroup> </table> <para> <indexterm> <primary><type>aclitem</type></primary> </indexterm> The privileges that have been granted for a particular object are displayed as a list of <type>aclitem</type> entries, each having the format: <synopsis> <replaceable>grantee</replaceable><literal>=</literal><replaceable>privilege-abbreviation</replaceable><optional><literal>*</literal></optional>...<literal>/</literal><replaceable>grantor</replaceable> </synopsis> Each <type>aclitem</type> lists all the permissions of one grantee that have been granted by a particular grantor. Specific privileges are represented by one-letter abbreviations from <xref linkend="privilege-abbrevs-table"/>, with <literal>*</literal> appended if the privilege was granted with grant option. For example, <literal>calvin=r*w/hobbes</literal> specifies that the role <literal>calvin</literal> has the privilege <literal>SELECT</literal> (<literal>r</literal>) with grant option (<literal>*</literal>) as well as the non-grantable privilege <literal>UPDATE</literal> (<literal>w</literal>), both granted by the role <literal>hobbes</literal>. If <literal>calvin</literal> also has some privileges on the same object granted by a different grantor, those would appear as a separate <type>aclitem</type> entry. An empty grantee field in an <type>aclitem</type> stands for <literal>PUBLIC</literal>. </para> <para> As an example, suppose that user <literal>miriam</literal> creates table <literal>mytable</literal> and does: <programlisting> GRANT SELECT ON mytable TO PUBLIC; GRANT SELECT,

This section summarizes access privileges for various PostgreSQL object types, including functions, foreign data wrappers, languages, large objects, schemas, sequences, tables, table columns, tablespaces and types. It shows the privileges available for each, the default PUBLIC privileges, and the psql command to view these privileges. It explains how granted privileges are displayed as a list of aclitem entries, detailing the grantee, privileges, grant option, and grantor.