Skip to content

Commit d1379eb

Browse files
tglsfdctglsfdc
committed
Improve default and empty privilege outputs in psql.
Default privileges are represented as NULL::aclitem[] in catalog ACL columns, while revoking all privileges leaves an empty aclitem[]. These two cases used to produce identical output in psql meta-commands like \dp. Using something like "\pset null '(default)'" as a workaround for spotting the difference did not work, because null values were always displayed as empty strings by describe.c's meta-commands. This patch improves that with two changes: 1. Print "(none)" for empty privileges so that the user is able to distinguish them from default privileges, even without special workarounds. 2. Remove the special handling of null values in describe.c, so that "\pset null" is honored like everywhere else. (This affects all output from these commands, not only ACLs.) The privileges shown by \dconfig+ and \ddp as well as the column privileges shown by \dp are not affected by change #1, because the respective aclitem[] is reset to NULL or deleted from the catalog instead of leaving an empty array. Erik Wienhold and Laurenz Albe Discussion: https://postgr.es/m/1966228777.127452.1694979110595@office.mailbox.org
1 parent bd86407 commit d1379eb

File tree

4 files changed

+115
-45
lines changed

4 files changed

+115
-45
lines changed

doc/src/sgml/ddl.sgml

+15-1
Original file line numberDiff line numberDiff line change
@@ -1737,6 +1737,11 @@ ALTER TABLE products RENAME TO items;
17371737
<primary>ACL</primary>
17381738
</indexterm>
17391739

1740+
<indexterm zone="ddl-priv-default">
1741+
<primary>privilege</primary>
1742+
<secondary>default</secondary>
1743+
</indexterm>
1744+
17401745
<para>
17411746
When an object is created, it is assigned an owner. The
17421747
owner is normally the role that executed the creation statement.
@@ -2049,7 +2054,7 @@ REVOKE ALL ON accounts FROM PUBLIC;
20492054
reference page of the respective command.
20502055
</para>
20512056

2052-
<para>
2057+
<para id="ddl-priv-default">
20532058
PostgreSQL grants privileges on some types of objects to
20542059
<literal>PUBLIC</literal> by default when the objects are created.
20552060
No privileges are granted to <literal>PUBLIC</literal> by default on
@@ -2375,6 +2380,15 @@ GRANT SELECT (col1), UPDATE (col1) ON mytable TO miriam_rw;
23752380
access privileges display. A <literal>*</literal> will appear only when
23762381
grant options have been explicitly granted to someone.
23772382
</para>
2383+
2384+
<para>
2385+
The <quote>Access privileges</quote> column
2386+
shows <literal>(none)</literal> when the object's privileges entry is
2387+
non-null but empty. This means that no privileges are granted at all,
2388+
even to the object's owner &mdash; a rare situation. (The owner still
2389+
has implicit grant options in this case, and so could re-grant her own
2390+
privileges; but she has none at the moment.)
2391+
</para>
23782392
</sect1>
23792393

23802394
<sect1 id="ddl-rowsecurity">

0 commit comments

Comments
 (0)