


postgresql

28th chunk of `doc/src/sgml/ddl.sgml`
 other types of objects, the default privileges
   granted to <literal>PUBLIC</literal> are as follows:
   <literal>CONNECT</literal> and <literal>TEMPORARY</literal> (create
   temporary tables) privileges for databases;
   <literal>EXECUTE</literal> privilege for functions and procedures; and
   <literal>USAGE</literal> privilege for languages and data types
   (including domains).
   The object owner can, of course, <command>REVOKE</command>
   both default and expressly granted privileges. (For maximum
   security, issue the <command>REVOKE</command> in the same transaction that
   creates the object; then there is no window in which another user
   can use the object.)
   Also, these default privilege settings can be overridden using the
   <xref linkend="sql-alterdefaultprivileges"/> command.
  </para>

  <para>
   <xref linkend="privilege-abbrevs-table"/> shows the one-letter
   abbreviations that are used for these privilege types in
   <firstterm><acronym>ACL</acronym></firstterm> values.
   You will see these letters in the output of the <xref linkend="app-psql"/>
   commands listed below, or when looking at <acronym>ACL</acronym> columns
   of system catalogs.
  </para>

  <table id="privilege-abbrevs-table">
   <title><acronym>ACL</acronym> Privilege Abbreviations</title>
   <tgroup cols="3">
    <colspec colname="col1" colwidth="1*"/>
    <colspec colname="col2" colwidth="1*"/>
    <colspec colname="col3" colwidth="2*"/>
    <thead>
     <row>
      <entry>Privilege</entry>
      <entry>Abbreviation</entry>
      <entry>Applicable Object Types</entry>
     </row>
    </thead>
    <tbody>
     <row>
      <entry><literal>SELECT</literal></entry>
      <entry><literal>r</literal> (<quote>read</quote>)</entry>
      <entry>
       <literal>LARGE OBJECT</literal>,
       <literal>SEQUENCE</literal>,
       <literal>TABLE</literal> (and table-like objects),
       table column
      </entry>
     </row>
     <row>
      <entry><literal>INSERT</literal></entry>
      <entry><literal>a</literal> (<quote>append</quote>)</entry>
      <entry><literal>TABLE</literal>, table column</entry>
     </row>
     <row>
      <entry><literal>UPDATE</literal></entry>
      <entry><literal>w</literal> (<quote>write</quote>)</entry>
      <entry>
       <literal>LARGE OBJECT</literal>,
       <literal>SEQUENCE</literal>,
       <literal>TABLE</literal>,
       table column
      </entry>
     </row>
     <row>
      <entry><literal>DELETE</literal></entry>
      <entry><literal>d</literal></entry>
      <entry><literal>TABLE</literal></entry>
     </row>
     <row>
      <entry><literal>TRUNCATE</literal></entry>
      <entry><literal>D</literal></entry>
      <entry><literal>TABLE</literal></entry>
     </row>
     <row>
      <entry><literal>REFERENCES</literal></entry>
      <entry><literal>x</literal></entry>
      <entry><literal>TABLE</literal>, table column</entry>
     </row>
     <row>
      <entry><literal>TRIGGER</literal></entry>
      <entry><literal>t</literal></entry>
      <entry><literal>TABLE</literal></entry>
     </row>
     <row>
      <entry><literal>CREATE</literal></entry>
      <entry><literal>C</literal></entry>
      <entry>
       <literal>DATABASE</literal>,
       <literal>SCHEMA</literal>,
       <literal>TABLESPACE</literal>
      </entry>
     </row>
     <row>
      <entry><literal>CONNECT</literal></entry>
      <entry><literal>c</literal></entry>
      <entry><literal>DATABASE</literal></entry>
     </row>
     <row>
      <entry><literal>TEMPORARY</literal></entry>
      <entry><literal>T</literal></entry>
      <entry><literal>DATABASE</literal></entry>
     </row>
     <row>
      <entry><literal>EXECUTE</literal></entry>
      <entry><literal>X</literal></entry>
      <entry><literal>FUNCTION</literal>, <literal>PROCEDURE</literal></entry>
     </row>
     <row>
      <entry><literal>USAGE</literal></entry>
      <entry><literal>U</literal></entry>
      <entry>
       <literal>DOMAIN</literal>,

Title: Default Privileges and ACL Privilege Abbreviations in PostgreSQL
Summary
PostgreSQL grants CONNECT and TEMPORARY privileges to PUBLIC for databases, EXECUTE for functions and procedures, and USAGE for languages and data types by default. Owners can revoke these privileges, ideally in the same transaction that creates the object. The ALTER DEFAULT PRIVILEGES command can override these default settings. The section includes a table showing the one-letter abbreviations used for each privilege type in ACL values, which are displayed in psql commands and system catalog ACL columns.
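
To audit what PUBLIC can still do on an object, the ACL values mentioned above can be decoded with the letters from the abbreviation table. The following is an added example, not part of the PostgreSQL documentation or source. It assumes the `grantee=letters/grantor` text form of an ACL entry (empty grantee meaning PUBLIC, `*` marking grant option), unquoted role names, and that a NULL ACL column means the built-in defaults are still in effect; the function names and sample ACL are constructed.

```python
# Added example, not PostgreSQL source. Letters are the ones in the table above.
ABBREVS = {
    "r": "SELECT", "a": "INSERT", "w": "UPDATE", "d": "DELETE",
    "D": "TRUNCATE", "x": "REFERENCES", "t": "TRIGGER", "C": "CREATE",
    "c": "CONNECT", "T": "TEMPORARY", "X": "EXECUTE", "U": "USAGE",
}

# Built-in PUBLIC defaults as stated on this page; object kinds the page
# does not list are given no entry here.
PUBLIC_DEFAULTS = {
    "database": {"CONNECT", "TEMPORARY"},
    "function": {"EXECUTE"}, "procedure": {"EXECUTE"},
    "language": {"USAGE"}, "type": {"USAGE"}, "domain": {"USAGE"},
}


def parse_aclitem(item):
    """Return (grantee, {privilege: grant_option}, grantor); '' grantee is PUBLIC."""
    left, slash, grantor = item.rpartition("/")
    grantee, equals, letters = left.partition("=")
    if not slash or not equals:
        raise ValueError(f"not an aclitem: {item!r}")
    privs, last = {}, None
    for ch in letters:
        if ch == "*":  # '*' marks grant option on the preceding privilege
            if last is None:
                raise ValueError(f"stray '*' in {item!r}")
            privs[last] = True
        else:
            last = ABBREVS.get(ch, f"unlisted({ch})")  # letter not in the table above
            privs[last] = False
    return grantee, privs, grantor


def public_grants(acl, kind):
    """Privileges PUBLIC holds. acl is a list of aclitem strings, or None
    for a NULL ACL column (assumed to mean the built-in defaults apply)."""
    if acl is None:
        return sorted(PUBLIC_DEFAULTS.get(kind, ()))
    found = set()
    for item in acl:
        grantee, privs, _ = parse_aclitem(item)
        if grantee == "":
            found.update(privs)
    return sorted(found)


if __name__ == "__main__":
    # Constructed ACL of a database that still carries the PUBLIC defaults.
    print(public_grants(["=Tc/postgres", "postgres=CTc/postgres"], "database"))
```

A function whose `EXECUTE` was revoked from PUBLIC in its creating transaction shows only named grantees, so `public_grants` returns an empty list for it.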