Re: Setting ACL

Vik Fearing <vik@postgresfriends.org> writes:
> I have a few questions about setting acl on SQL level.
> Is it safe to do something like
>     UPDATE pg_class SET relacl = $1 WHERE oid = $2;
> ?

> I don't think it is because ExecGrant_* call updateAclDependencies after
> they do the update and my own update would not do that.  But is it safe
> to do my update if I'm not touching anything in pg_global?

Well, it'll work, but the system won't know about the role references
in this ACL item, so for instance dropping the role wouldn't make the
ACL go away.  Which might cause you dump/reload issues later.

> And finally, would there be any interest in a function like
> aclset("char", oid, aclitem[]) and does this properly?

Not really, when GRANT is already there ...

            regards, tom lane