-
System Information Functions
+
System Information Functions and Operators
shows several
be specified by name or by OID.
+ shows the operators
+ available for the aclitem type, which is the internal
+ representation of access privileges. An aclitem entry
+ describes the permissions of a grantee, whether they are grantable
+ or not, and which grantor granted them. For instance,
+ calvin=r*w/hobbes specifies that the role
+ calvin has the grantable privilege
+ SELECT (r*) and the non-grantable
+ privilege UPDATE (w), granted by
+ the role hobbes. An empty grantee stands for
+ PUBLIC.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
aclitem Operators
+
+
+ |
+ Operator
+ Description
+ Example
+ Result
+
+
+
+
+ |
+ =
+ equal
+ 'calvin=r*w/hobbes'::aclitem = 'calvin=r*w*/hobbes'::aclitem
+ f
+
+
+ |
+ @>
+ contains element
+ '{calvin=r*w/hobbes,hobbes=r*w*/postgres}'::aclitem[] @> 'calvin=r*w/hobbes'::aclitem
+ t
+
+
+ |
+ ~
+ contains element
+ '{calvin=r*w/hobbes,hobbes=r*w*/postgres}'::aclitem[] ~ 'calvin=r*w/hobbes'::aclitem
+ t
+
+
+
+
+
+
+ shows some additional
+ functions to manage the aclitem type.
+
+
+
+
aclitem Functions
+
+
+ Name Return Type Description
+
+
+ |
+ aclitem[]
+
get the hardcoded default access privileges for an object belonging to ownerId
+
+ |
+ setof record
+ get aclitem array as tuples
+
+ |
+
makeaclitem(grantee, grantor, privilege, grantable)
+ aclitem
+ build an aclitem from input
+
+
+
+
+
+ acldefault returns the hardcoded default access privileges
+ for an object of
type belonging to role
ownerId.
+ Notice that these are used in the absence of any pg_default_acl
+ () entry. Default access privileges are described in
+ and can be overwritten with
+ . In other words, this function will return
+ results which may be misleading when the defaults have been overridden.
+ Type is a CHAR, use
+ 'c' for COLUMN,
+ 'r' for relation-like objects such as TABLE or VIEW,
+ 's' for SEQUENCE,
+ 'd' for DATABASE,
+ 'f' for FUNCTION or PROCEDURE,
+ 'l' for LANGUAGE,
+ 'L' for LARGE OBJECT,
+ 'n' for SCHEMA,
+ 't' for TABLESPACE,
+ 'F' for FOREIGN DATA WRAPPER,
+ 'S' for FOREIGN SERVER,
+ 'T' for TYPE or DOMAIN.
+
+
+ aclexplode returns an aclitem array
+ as a set rows. Output columns are grantor oid,
+ grantee oid (0 for PUBLIC),
+ granted privilege as text (SELECT, ...)
+ and whether the prilivege is grantable as boolean.
+ makeaclitem performs the inverse operation.
+
+
shows functions that
determine whether a certain object is visible in the
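Review bot: In the aclexplode paragraph, "makeaclitem performs the inverse operation" is looser than the signatures shown here allow: aclexplode takes an aclitem array and returns rows with the grantor oid first and the grantee oid second, while makeaclitem(grantee, grantor, privilege, grantable) builds a single aclitem and takes the two roles in the opposite order. Suggest stating that makeaclitem builds one aclitem from such values and calling out the argument order, since swapping grantor and grantee yields a different ACL entry without any error. In the same paragraph, "as a set rows" should read "as a set of rows" and "prilivege" should be "privilege". In the operators table, @> and ~ carry the identical description "contains element" and the same example result; say whether one is an alias of the other. The acldefault paragraph uses both "overwritten" and "overridden" for the same thing; pick one.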
{ oid => '1365', descr => 'make ACL item',
proname => 'makeaclitem', prorettype => 'aclitem',
proargtypes => 'oid oid text bool', prosrc => 'makeaclitem' },
-{ oid => '3943', descr => 'TODO',
+{ oid => '3943', descr => 'show hardwired default privileges, primarily for use by the information schema',
proname => 'acldefault', prorettype => '_aclitem', proargtypes => 'char oid',
prosrc => 'acldefault_sql' },
{ oid => '1689',
- descr => 'convert ACL item array to table, for use by information schema',
+ descr => 'convert ACL item array to table, primarily for use by information schema',
proname => 'aclexplode', prorows => '10', proretset => 't',
provolatile => 's', prorettype => 'record', proargtypes => '_aclitem',
proallargtypes => '{_aclitem,oid,oid,text,bool}',
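Review bot: The new acldefault descr says "hardwired" where the documentation added in this same patch says "hardcoded" for the same privileges; use one term in both places so a reader searching for either finds both. The two descr strings also differ in "for use by the information schema" versus "for use by information schema"; align the article. The acldefault descr is considerably longer than the neighbouring "make ACL item"; a shorter form such as "show hardwired default privileges", with the usage remark left to the documentation, would fit the surrounding entries better.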