diff --git a/doc/src/sgml/ref/alter_default_privileges.sgml b/doc/src/sgml/ref/alter_default_privileges.sgml
index b2054b1780..66bf72b4e3 100644
--- a/doc/src/sgml/ref/alter_default_privileges.sgml
+++ b/doc/src/sgml/ref/alter_default_privileges.sgml
@@ -1,5 +1,5 @@
@@ -30,35 +30,35 @@ ALTER DEFAULT PRIVILEGES
GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
[,...] | ALL [ PRIVILEGES ] }
- ON TABLE
+ ON TABLES
TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]
GRANT { { USAGE | SELECT | UPDATE }
[,...] | ALL [ PRIVILEGES ] }
- ON SEQUENCE
+ ON SEQUENCES
TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]
GRANT { EXECUTE | ALL [ PRIVILEGES ] }
- ON FUNCTION
+ ON FUNCTIONS
TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]
REVOKE [ GRANT OPTION FOR ]
{ { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
[,...] | ALL [ PRIVILEGES ] }
- ON TABLE
+ ON TABLES
FROM { [ GROUP ] role_name | PUBLIC } [, ...]
[ CASCADE | RESTRICT ]
REVOKE [ GRANT OPTION FOR ]
{ { USAGE | SELECT | UPDATE }
[,...] | ALL [ PRIVILEGES ] }
- ON SEQUENCE
+ ON SEQUENCES
FROM { [ GROUP ] role_name | PUBLIC } [, ...]
[ CASCADE | RESTRICT ]
REVOKE [ GRANT OPTION FOR ]
{ EXECUTE | ALL [ PRIVILEGES ] }
- ON FUNCTION
+ ON FUNCTIONS
FROM { [ GROUP ] role_name | PUBLIC } [, ...]
[ CASCADE | RESTRICT ]
@@ -165,8 +165,8 @@ REVOKE [ GRANT OPTION FOR ]
role webuser to INSERT into them too:
-ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT SELECT ON TABLE TO PUBLIC;
-ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT INSERT ON TABLE TO webuser;
+ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT SELECT ON TABLES TO PUBLIC;
+ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT INSERT ON TABLES TO webuser;
@@ -175,8 +175,8 @@ ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT INSERT ON TABLE TO webuser;
more permissions than normal:
-ALTER DEFAULT PRIVILEGES IN SCHEMA myschema REVOKE SELECT ON TABLE FROM PUBLIC;
-ALTER DEFAULT PRIVILEGES IN SCHEMA myschema REVOKE INSERT ON TABLE FROM webuser;
+ALTER DEFAULT PRIVILEGES IN SCHEMA myschema REVOKE SELECT ON TABLES FROM PUBLIC;
+ALTER DEFAULT PRIVILEGES IN SCHEMA myschema REVOKE INSERT ON TABLES FROM webuser;
@@ -185,7 +185,7 @@ ALTER DEFAULT PRIVILEGES IN SCHEMA myschema REVOKE INSERT ON TABLE FROM webuser;
for all functions subsequently created by role admin:
-ALTER DEFAULT PRIVILEGES FOR ROLE admin REVOKE EXECUTE ON FUNCTION FROM PUBLIC;
+ALTER DEFAULT PRIVILEGES FOR ROLE admin REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y
index 4f50287643..17463ee3b8 100644
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -11,7 +11,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.684 2009/10/12 20:39:41 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.685 2009/10/12 23:41:43 tgl Exp $
*
* HISTORY
* AUTHOR DATE MAJOR EVENT
@@ -4676,8 +4676,8 @@ DefACLOption:
;
/*
- * This should match GRANT/REVOKE, except that target objects are missing
- * and we only allow a subset of object types.
+ * This should match GRANT/REVOKE, except that individual target objects
+ * are not mentioned and we only allow a subset of object types.
*/
DefACLAction:
GRANT privileges ON defacl_privilege_target TO grantee_list
@@ -4724,9 +4724,9 @@ DefACLAction:
;
defacl_privilege_target:
- TABLE { $$ = ACL_OBJECT_RELATION; }
- | FUNCTION { $$ = ACL_OBJECT_FUNCTION; }
- | SEQUENCE { $$ = ACL_OBJECT_SEQUENCE; }
+ TABLES { $$ = ACL_OBJECT_RELATION; }
+ | FUNCTIONS { $$ = ACL_OBJECT_FUNCTION; }
+ | SEQUENCES { $$ = ACL_OBJECT_SEQUENCE; }
;
diff --git a/src/bin/pg_dump/dumputils.c b/src/bin/pg_dump/dumputils.c
index f8aa9e64b9..c7cfa2a621 100644
--- a/src/bin/pg_dump/dumputils.c
+++ b/src/bin/pg_dump/dumputils.c
@@ -8,7 +8,7 @@
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/bin/pg_dump/dumputils.c,v 1.50 2009/10/07 22:14:24 alvherre Exp $
+ * $PostgreSQL: pgsql/src/bin/pg_dump/dumputils.c,v 1.51 2009/10/12 23:41:43 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -689,7 +689,7 @@ buildACLCommands(const char *name, const char *subname,
/*
* Build ALTER DEFAULT PRIVILEGES command(s) for single pg_default_acl entry.
*
- * type: the object type (as seen in GRANT command)
+ * type: the object type (TABLES, FUNCTIONS, etc)
* nspname: schema name, or NULL for global default privileges
* acls: the ACL string fetched from the database
* owner: username of privileges owner (will be passed through fmtId)
@@ -803,11 +803,13 @@ do { \
resetPQExpBuffer(privs);
resetPQExpBuffer(privswgo);
- if (strcmp(type, "TABLE") == 0 || strcmp(type, "SEQUENCE") == 0)
+ if (strcmp(type, "TABLE") == 0 || strcmp(type, "SEQUENCE") == 0 ||
+ strcmp(type, "TABLES") == 0 || strcmp(type, "SEQUENCES") == 0)
{
CONVERT_PRIV('r', "SELECT");
- if (strcmp(type, "SEQUENCE") == 0)
+ if (strcmp(type, "SEQUENCE") == 0 ||
+ strcmp(type, "SEQUENCES") == 0)
/* sequence only */
CONVERT_PRIV('U', "USAGE");
else
@@ -830,13 +832,16 @@ do { \
}
/* UPDATE */
- if (remoteVersion >= 70200 || strcmp(type, "SEQUENCE") == 0)
+ if (remoteVersion >= 70200 ||
+ strcmp(type, "SEQUENCE") == 0 ||
+ strcmp(type, "SEQUENCES") == 0)
CONVERT_PRIV('w', "UPDATE");
else
/* 7.0 and 7.1 have a simpler worldview */
CONVERT_PRIV('w', "UPDATE,DELETE");
}
- else if (strcmp(type, "FUNCTION") == 0)
+ else if (strcmp(type, "FUNCTION") == 0 ||
+ strcmp(type, "FUNCTIONS") == 0)
CONVERT_PRIV('X', "EXECUTE");
else if (strcmp(type, "LANGUAGE") == 0)
CONVERT_PRIV('U', "USAGE");
diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
index 18c1408122..b0dfba9d6d 100644
--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -12,7 +12,7 @@
* by PostgreSQL
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/bin/pg_dump/pg_dump.c,v 1.550 2009/10/09 21:02:56 petere Exp $
+ * $PostgreSQL: pgsql/src/bin/pg_dump/pg_dump.c,v 1.551 2009/10/12 23:41:43 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -9944,13 +9944,13 @@ dumpDefaultACL(Archive *fout, DefaultACLInfo *daclinfo)
switch (daclinfo->defaclobjtype)
{
case DEFACLOBJ_RELATION:
- type = "TABLE";
+ type = "TABLES";
break;
case DEFACLOBJ_SEQUENCE:
- type = "SEQUENCE";
+ type = "SEQUENCES";
break;
case DEFACLOBJ_FUNCTION:
- type = "FUNCTION";
+ type = "FUNCTIONS";
break;
default:
/* shouldn't get here */
@@ -9960,7 +9960,7 @@ dumpDefaultACL(Archive *fout, DefaultACLInfo *daclinfo)
type = ""; /* keep compiler quiet */
}
- appendPQExpBuffer(tag, "DEFAULT %s PRIVILEGES", type);
+ appendPQExpBuffer(tag, "DEFAULT PRIVILEGES FOR %s", type);
/* build the actual command(s) for this tuple */
if (!buildDefaultACLCommands(type,
diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
index 8214b77901..16b5581316 100644
--- a/src/test/regress/expected/privileges.out
+++ b/src/test/regress/expected/privileges.out
@@ -853,7 +853,7 @@ SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
f
(1 row)
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLE TO public;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- no
has_table_privilege
---------------------
@@ -880,7 +880,7 @@ SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
f
(1 row)
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLE TO regressuser1;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regressuser1;
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes
@@ -895,7 +895,7 @@ SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- yes
t
(1 row)
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLE FROM regressuser1;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regressuser1;
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes
@@ -910,7 +910,7 @@ SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
f
(1 row)
-ALTER DEFAULT PRIVILEGES FOR ROLE regressuser1 REVOKE EXECUTE ON FUNCTION FROM public;
+ALTER DEFAULT PRIVILEGES FOR ROLE regressuser1 REVOKE EXECUTE ON FUNCTIONS FROM public;
SET ROLE regressuser1;
CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;
SELECT has_function_privilege('regressuser2', 'testns.foo()', 'EXECUTE'); -- no
@@ -919,7 +919,7 @@ SELECT has_function_privilege('regressuser2', 'testns.foo()', 'EXECUTE'); -- no
f
(1 row)
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON FUNCTION to public;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON FUNCTIONS to public;
DROP FUNCTION testns.foo();
CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;
SELECT has_function_privilege('regressuser2', 'testns.foo()', 'EXECUTE'); -- yes
diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql
index c5aaffc8d5..943fe364b7 100644
--- a/src/test/regress/sql/privileges.sql
+++ b/src/test/regress/sql/privileges.sql
@@ -495,7 +495,7 @@ CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- no
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLE TO public;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- no
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
@@ -506,7 +506,7 @@ CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLE TO regressuser1;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regressuser1;
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
@@ -514,7 +514,7 @@ CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- yes
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLE FROM regressuser1;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regressuser1;
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
@@ -522,7 +522,7 @@ CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes
SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
-ALTER DEFAULT PRIVILEGES FOR ROLE regressuser1 REVOKE EXECUTE ON FUNCTION FROM public;
+ALTER DEFAULT PRIVILEGES FOR ROLE regressuser1 REVOKE EXECUTE ON FUNCTIONS FROM public;
SET ROLE regressuser1;
@@ -530,7 +530,7 @@ CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;
SELECT has_function_privilege('regressuser2', 'testns.foo()', 'EXECUTE'); -- no
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON FUNCTION to public;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON FUNCTIONS to public;
DROP FUNCTION testns.foo();
CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;