@@ -88,25 +88,19 @@ REVOKE [ GRANT OPTION FOR ]
8888 <title>Description</title>
8989
9090 <para>
91- <command>ALTER DEFAULT PRIVILEGES</command> allows you to set the privileges
92- that will be applied to objects created in the future. (It does not
93- affect privileges assigned to already-existing objects.) Currently,
94- only the privileges for schemas, tables (including views and foreign
95- tables), sequences, functions, and types (including domains) can be
96- altered. For this command, functions include aggregates and procedures.
97- The words <literal>FUNCTIONS</literal> and <literal>ROUTINES</literal> are
98- equivalent in this command. (<literal>ROUTINES</literal> is preferred
99- going forward as the standard term for functions and procedures taken
100- together. In earlier PostgreSQL releases, only the
101- word <literal>FUNCTIONS</literal> was allowed. It is not possible to set
102- default privileges for functions and procedures separately.)
91+ <command>ALTER DEFAULT PRIVILEGES</command> allows you to set the
92+ privileges that will be applied to objects created in the future.
93+ (It does not affect privileges assigned to already-existing objects.)
94+ Privileges can be set globally (i.e., for all objects created in the
95+ current database), or just for objects created in specified schemas.
10396 </para>
10497
10598 <para>
106- You can change default privileges only for objects that will be created by
107- yourself or by roles that you are a member of. The privileges can be set
108- globally (i.e., for all objects created in the current database),
109- or just for objects created in specified schemas.
99+ While you can change your own default privileges and the defaults of
100+ roles that you are a member of, at object creation time, new object
101+ permissions are only affected by the default privileges of the current
102+ role, and are not inherited from any roles in which the current role
103+ is a member.
110104 </para>
111105
112106 <para>
@@ -118,6 +112,19 @@ REVOKE [ GRANT OPTION FOR ]
118112 <command>ALTER DEFAULT PRIVILEGES</command>.
119113 </para>
120114
115+ <para>
116+ Currently,
117+ only the privileges for schemas, tables (including views and foreign
118+ tables), sequences, functions, and types (including domains) can be
119+ altered. For this command, functions include aggregates and procedures.
120+ The words <literal>FUNCTIONS</literal> and <literal>ROUTINES</literal> are
121+ equivalent in this command. (<literal>ROUTINES</literal> is preferred
122+ going forward as the standard term for functions and procedures taken
123+ together. In earlier PostgreSQL releases, only the
124+ word <literal>FUNCTIONS</literal> was allowed. It is not possible to set
125+ default privileges for functions and procedures separately.)
126+ </para>
127+
121128 <para>
122129 Default privileges that are specified per-schema are added to whatever
123130 the global default privileges are for the particular object type.
@@ -136,12 +143,9 @@ REVOKE [ GRANT OPTION FOR ]
136143 <term><replaceable>target_role</replaceable></term>
137144 <listitem>
138145 <para>
139- The name of an existing role of which the current role is a member.
140- Default access privileges are not inherited, so member roles
141- must use <command>SET ROLE</command> to access these privileges,
142- or <command>ALTER DEFAULT PRIVILEGES</command> must be run for
143- each member role. If <literal>FOR ROLE</literal> is omitted,
144- the current role is assumed.
146+ Change default privileges for objects created by the
147+ <replaceable>target_role</replaceable>, or the current
148+ role if unspecified.
145149 </para>
146150 </listitem>
147151 </varlistentry>
0 commit comments