Use plurals (TABLES, FUNCTIONS, etc) in ALTER DEFAULT PRIVILEGES. We have

the keywords as a consequence of the GRANT ALL patch, so we might as well
use them and make the ALTER commands read more naturally.

doc/src/sgml/ref/alter_default_privileges.sgml

@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/alter_default_privileges.sgml,v 1.1 2009/10/05 19:24:33 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/alter_default_privileges.sgml,v 1.2 2009/10/12 23:41:43 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -30,35 +30,35 @@ ALTER DEFAULT PRIVILEGES
 
 GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
     [,...] | ALL [ PRIVILEGES ] }
-    ON TABLE
+    ON TABLES
     TO { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
 GRANT { { USAGE | SELECT | UPDATE }
     [,...] | ALL [ PRIVILEGES ] }
-    ON SEQUENCE
+    ON SEQUENCES
     TO { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
 GRANT { EXECUTE | ALL [ PRIVILEGES ] }
-    ON FUNCTION
+    ON FUNCTIONS
     TO { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
 REVOKE [ GRANT OPTION FOR ]
     { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
     [,...] | ALL [ PRIVILEGES ] }
-    ON TABLE
+    ON TABLES
     FROM { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...]
     [ CASCADE | RESTRICT ]
 
 REVOKE [ GRANT OPTION FOR ]
     { { USAGE | SELECT | UPDATE }
     [,...] | ALL [ PRIVILEGES ] }
-    ON SEQUENCE
+    ON SEQUENCES
     FROM { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...]
     [ CASCADE | RESTRICT ]
 
 REVOKE [ GRANT OPTION FOR ]
     { EXECUTE | ALL [ PRIVILEGES ] }
-    ON FUNCTION
+    ON FUNCTIONS
     FROM { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...]
     [ CASCADE | RESTRICT ]
 </synopsis>
@@ -165,8 +165,8 @@ REVOKE [ GRANT OPTION FOR ]
    role <literal>webuser</> to INSERT into them too:
 
 <programlisting>
-ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT SELECT ON TABLE TO PUBLIC;
+ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT SELECT ON TABLES TO PUBLIC;
-ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT INSERT ON TABLE TO webuser;
+ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT INSERT ON TABLES TO webuser;
 </programlisting>
   </para>
 
@@ -175,8 +175,8 @@ ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT INSERT ON TABLE TO webuser;
    more permissions than normal:
 
 <programlisting>
-ALTER DEFAULT PRIVILEGES IN SCHEMA myschema REVOKE SELECT ON TABLE FROM PUBLIC;
+ALTER DEFAULT PRIVILEGES IN SCHEMA myschema REVOKE SELECT ON TABLES FROM PUBLIC;
-ALTER DEFAULT PRIVILEGES IN SCHEMA myschema REVOKE INSERT ON TABLE FROM webuser;
+ALTER DEFAULT PRIVILEGES IN SCHEMA myschema REVOKE INSERT ON TABLES FROM webuser;
 </programlisting>
   </para>
 
@@ -185,7 +185,7 @@ ALTER DEFAULT PRIVILEGES IN SCHEMA myschema REVOKE INSERT ON TABLE FROM webuser;
    for all functions subsequently created by role <literal>admin</>:
 
 <programlisting>
-ALTER DEFAULT PRIVILEGES FOR ROLE admin REVOKE EXECUTE ON FUNCTION FROM PUBLIC;
+ALTER DEFAULT PRIVILEGES FOR ROLE admin REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
 </programlisting>
   </para>
  </refsect1>

src/backend/parser/gram.y

@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.684 2009/10/12 20:39:41 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.685 2009/10/12 23:41:43 tgl Exp $
  *
  * HISTORY
  *	  AUTHOR			DATE			MAJOR EVENT
@@ -4676,8 +4676,8 @@ DefACLOption:
 		;
 
 /*
- * This should match GRANT/REVOKE, except that target objects are missing
+ * This should match GRANT/REVOKE, except that individual target objects
- * and we only allow a subset of object types.
+ * are not mentioned and we only allow a subset of object types.
  */
 DefACLAction:
 			GRANT privileges ON defacl_privilege_target TO grantee_list
@@ -4724,9 +4724,9 @@ DefACLAction:
 		;
 
 defacl_privilege_target:
-			TABLE			{ $$ = ACL_OBJECT_RELATION; }
+			TABLES			{ $$ = ACL_OBJECT_RELATION; }
-			| FUNCTION		{ $$ = ACL_OBJECT_FUNCTION; }
+			| FUNCTIONS		{ $$ = ACL_OBJECT_FUNCTION; }
-			| SEQUENCE		{ $$ = ACL_OBJECT_SEQUENCE; }
+			| SEQUENCES		{ $$ = ACL_OBJECT_SEQUENCE; }
 		;
 
 

src/bin/pg_dump/dumputils.c

@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/bin/pg_dump/dumputils.c,v 1.50 2009/10/07 22:14:24 alvherre Exp $
+ * $PostgreSQL: pgsql/src/bin/pg_dump/dumputils.c,v 1.51 2009/10/12 23:41:43 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -689,7 +689,7 @@ buildACLCommands(const char *name, const char *subname,
 /*
  * Build ALTER DEFAULT PRIVILEGES command(s) for single pg_default_acl entry.
  *
- *	type: the object type (as seen in GRANT command)
+ *	type: the object type (TABLES, FUNCTIONS, etc)
  *	nspname: schema name, or NULL for global default privileges
  *	acls: the ACL string fetched from the database
  *	owner: username of privileges owner (will be passed through fmtId)
@@ -803,11 +803,13 @@ do { \
 	resetPQExpBuffer(privs);
 	resetPQExpBuffer(privswgo);
 
-	if (strcmp(type, "TABLE") == 0 || strcmp(type, "SEQUENCE") == 0)
+	if (strcmp(type, "TABLE") == 0 || strcmp(type, "SEQUENCE") == 0 ||
+		strcmp(type, "TABLES") == 0 || strcmp(type, "SEQUENCES") == 0)
 	{
 		CONVERT_PRIV('r', "SELECT");
 
-		if (strcmp(type, "SEQUENCE") == 0)
+		if (strcmp(type, "SEQUENCE") == 0 ||
+			strcmp(type, "SEQUENCES") == 0)
 			/* sequence only */
 			CONVERT_PRIV('U', "USAGE");
 		else
@@ -830,13 +832,16 @@ do { \
 		}
 
 		/* UPDATE */
-		if (remoteVersion >= 70200 || strcmp(type, "SEQUENCE") == 0)
+		if (remoteVersion >= 70200 ||
+			strcmp(type, "SEQUENCE") == 0 ||
+			strcmp(type, "SEQUENCES") == 0)
 			CONVERT_PRIV('w', "UPDATE");
 		else
 			/* 7.0 and 7.1 have a simpler worldview */
 			CONVERT_PRIV('w', "UPDATE,DELETE");
 	}
-	else if (strcmp(type, "FUNCTION") == 0)
+	else if (strcmp(type, "FUNCTION") == 0 ||
+			 strcmp(type, "FUNCTIONS") == 0)
 		CONVERT_PRIV('X', "EXECUTE");
 	else if (strcmp(type, "LANGUAGE") == 0)
 		CONVERT_PRIV('U', "USAGE");

src/bin/pg_dump/pg_dump.c

@@ -12,7 +12,7 @@
  *	by PostgreSQL
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/bin/pg_dump/pg_dump.c,v 1.550 2009/10/09 21:02:56 petere Exp $
+ *	  $PostgreSQL: pgsql/src/bin/pg_dump/pg_dump.c,v 1.551 2009/10/12 23:41:43 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -9944,13 +9944,13 @@ dumpDefaultACL(Archive *fout, DefaultACLInfo *daclinfo)
 	switch (daclinfo->defaclobjtype)
 	{
 		case DEFACLOBJ_RELATION:
-			type = "TABLE";
+			type = "TABLES";
 			break;
 		case DEFACLOBJ_SEQUENCE:
-			type = "SEQUENCE";
+			type = "SEQUENCES";
 			break;
 		case DEFACLOBJ_FUNCTION:
-			type = "FUNCTION";
+			type = "FUNCTIONS";
 			break;
 		default:
 			/* shouldn't get here */
@@ -9960,7 +9960,7 @@ dumpDefaultACL(Archive *fout, DefaultACLInfo *daclinfo)
 			type = "";			/* keep compiler quiet */
 	}
 
-	appendPQExpBuffer(tag, "DEFAULT %s PRIVILEGES", type);
+	appendPQExpBuffer(tag, "DEFAULT PRIVILEGES FOR %s", type);
 
 	/* build the actual command(s) for this tuple */
 	if (!buildDefaultACLCommands(type,

src/test/regress/expected/privileges.out

@@ -853,7 +853,7 @@ SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
  f
 (1 row)
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLE TO public;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- no
  has_table_privilege 
 ---------------------
@@ -880,7 +880,7 @@ SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
  f
 (1 row)
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLE TO regressuser1;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regressuser1;
 DROP TABLE testns.acltest1;
 CREATE TABLE testns.acltest1 (x int);
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes
@@ -895,7 +895,7 @@ SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- yes
  t
 (1 row)
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLE FROM regressuser1;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regressuser1;
 DROP TABLE testns.acltest1;
 CREATE TABLE testns.acltest1 (x int);
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes
@@ -910,7 +910,7 @@ SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
  f
 (1 row)
 
-ALTER DEFAULT PRIVILEGES FOR ROLE regressuser1 REVOKE EXECUTE ON FUNCTION FROM public;
+ALTER DEFAULT PRIVILEGES FOR ROLE regressuser1 REVOKE EXECUTE ON FUNCTIONS FROM public;
 SET ROLE regressuser1;
 CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;
 SELECT has_function_privilege('regressuser2', 'testns.foo()', 'EXECUTE'); -- no
@@ -919,7 +919,7 @@ SELECT has_function_privilege('regressuser2', 'testns.foo()', 'EXECUTE'); -- no
  f
 (1 row)
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON FUNCTION to public;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON FUNCTIONS to public;
 DROP FUNCTION testns.foo();
 CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;
 SELECT has_function_privilege('regressuser2', 'testns.foo()', 'EXECUTE'); -- yes

src/test/regress/sql/privileges.sql

@@ -495,7 +495,7 @@ CREATE TABLE testns.acltest1 (x int);
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- no
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLE TO public;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
 
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- no
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
@@ -506,7 +506,7 @@ CREATE TABLE testns.acltest1 (x int);
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLE TO regressuser1;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regressuser1;
 
 DROP TABLE testns.acltest1;
 CREATE TABLE testns.acltest1 (x int);
@@ -514,7 +514,7 @@ CREATE TABLE testns.acltest1 (x int);
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- yes
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLE FROM regressuser1;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regressuser1;
 
 DROP TABLE testns.acltest1;
 CREATE TABLE testns.acltest1 (x int);
@@ -522,7 +522,7 @@ CREATE TABLE testns.acltest1 (x int);
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes
 SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no
 
-ALTER DEFAULT PRIVILEGES FOR ROLE regressuser1 REVOKE EXECUTE ON FUNCTION FROM public;
+ALTER DEFAULT PRIVILEGES FOR ROLE regressuser1 REVOKE EXECUTE ON FUNCTIONS FROM public;
 
 SET ROLE regressuser1;
 
@@ -530,7 +530,7 @@ CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;
 
 SELECT has_function_privilege('regressuser2', 'testns.foo()', 'EXECUTE'); -- no
 
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON FUNCTION to public;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON FUNCTIONS to public;
 
 DROP FUNCTION testns.foo();
 CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;