diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml
index 17c44bc338..0ae3618f28 100644
--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@@ -26683,6 +26683,22 @@ SELECT currval(pg_get_serial_sequence('sometable', 'id'));
Undefined objects are identified with NULL values.
+
+
+
+
+ pg_get_acl
+
+ pg_get_acl ( classidoid, objidoid )
+ aclitem[]
+
+
+ Returns the Access Control List (ACL) for a database object,
+ specified by catalog OID and object OID.
+ This function is useful for retrieving and inspecting the privileges associated with database objects.
+ This function returns NULL values for undefined objects.
+
+
diff --git a/doc/src/sgml/system-views.sgml b/doc/src/sgml/system-views.sgml
index 8c18bea902..cfc4887a37 100644
--- a/doc/src/sgml/system-views.sgml
+++ b/doc/src/sgml/system-views.sgml
@@ -111,6 +111,16 @@
materialized views
+
+ pg_ownerships
+ ownerships
+
+
+
+ pg_privileges
+ privileges
+
+
pg_policiespolicies
@@ -1801,6 +1811,256 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
+
+ <structname>pg_ownerships</structname>
+
+
+ pg_ownerships
+
+
+
+ The view pg_ownerships provides access to information about object ownerships.
+
+
+
+ <structname>pg_ownerships</structname> Columns
+
+
+
+
+ Column Type
+
+
+ Description
+
+
+
+
+
+
+
+ classidregclass
+ (references pg_class.oid)
+
+
+ The regclass OID of the system catalog the owned object is in
+
+
+
+
+
+ objidoid
+ (references any OID column)
+
+
+ The OID of the specific owned object
+
+
+
+
+
+ objsubidint4
+
+
+ For a table column, this is the column number (the
+ objid and classid refer to the
+ table itself). For all other object types, this column is
+ zero.
+
+
+
+
+
+ typetext
+
+
+ Identifies the type of database object
+
+
+
+
+
+ schematext
+
+
+ The schema name that the object belongs in, or NULL for object types that do not belong to schemas
+
+
+
+
+
+ nametext
+
+
+ The name of the object, quoted if necessary, if the name (along with schema name, if pertinent) is sufficient to uniquely identify the object, otherwise NULL
+
+
+
+
+
+ identitytext
+
+
+ The complete object identity, with the precise format depending on object type, and each name within the format being schema-qualified and quoted as necessary
+
+
+
+
+
+ ownerregrole
+ (references pg_authid.rolname)
+
+
+ Owner of the object
+
+
+
+
+
+
+
+
+
+
+ <structname>pg_privileges</structname>
+
+
+ pg_privileges
+
+
+
+ The view pg_privileges provides access to information about explicitly granted privileges on database objects.
+ The special grantee value - means the privilege is granted to PUBLIC.
+
+
+
+ <structname>pg_privileges</structname> Columns
+
+
+
+
+ Column Type
+
+
+ Description
+
+
+
+
+
+
+
+ classidregclass
+ (references pg_class.oid)
+
+
+ The regclass OID of the system catalog the granted object is in
+
+
+
+
+
+ objidoid
+ (references any OID column)
+
+
+ The OID of the specific granted object
+
+
+
+
+
+ objsubidint4
+
+
+ For a table column, this is the column number (the
+ objid and classid refer to the
+ table itself). For all other object types, this column is
+ zero.
+
+
+
+
+
+ typetext
+
+
+ Identifies the type of database object
+
+
+
+
+
+ schematext
+
+
+ The schema name that the object belongs in, or NULL for object types that do not belong to schemas
+
+
+
+
+
+ nametext
+
+
+ The name of the object, quoted if necessary, if the name (along with schema name, if pertinent) is sufficient to uniquely identify the object, otherwise NULL
+
+
+
+
+
+ identitytext
+
+
+ The complete object identity, with the precise format depending on object type, and each name within the format being schema-qualified and quoted as necessary
+
+
+
+
+
+ grantorregrole
+ (references pg_authid.rolname)
+
+
+ Role that granted this privilege
+
+
+
+
+
+ granteeregrole
+ (references pg_authid.rolname)
+
+
+ Role to whom privilege is granted
+
+
+
+
+
+ privilege_typetext
+
+
+ Type of the privilege: SELECT,
+ INSERT, UPDATE, or
+ REFERENCES
+
+
+
+
+
+ is_grantableboolean
+
+
+ true if the privilege is grantable, false if not
+
+
+
+
+
+
+
+
<structname>pg_policies</structname>
diff --git a/src/backend/catalog/objectaddress.c b/src/backend/catalog/objectaddress.c
index 7b536ac6fd..0579b66ab7 100644
--- a/src/backend/catalog/objectaddress.c
+++ b/src/backend/catalog/objectaddress.c
@@ -4362,6 +4362,49 @@ pg_identify_object_as_address(PG_FUNCTION_ARGS)
PG_RETURN_DATUM(HeapTupleGetDatum(htup));
}
+/*
+ * SQL-level callable function to obtain the Access Control List (ACL)
+ * of a specified object, given its catalog OID and object OID.
+ */
+Datum
+pg_get_acl(PG_FUNCTION_ARGS)
+{
+ Oid classId = PG_GETARG_OID(0);
+ Oid objectId = PG_GETARG_OID(1);
+ Oid catalogId = (classId == LargeObjectRelationId) ? LargeObjectMetadataRelationId : classId;
+ AttrNumber Anum_oid = get_object_attnum_oid(catalogId);
+ AttrNumber Anum_acl = get_object_attnum_acl(catalogId);
+ Relation rel;
+ HeapTuple tup;
+ Datum datum;
+ bool isnull;
+
+ /* for "pinned" items in pg_depend, return null */
+ if (!OidIsValid(classId) && !OidIsValid(objectId))
+ PG_RETURN_NULL();
+
+ rel = table_open(catalogId, AccessShareLock);
+
+ tup = get_catalog_object_by_oid(rel, Anum_oid, objectId);
+ if (tup == NULL)
+ elog(ERROR, "cache lookup failed for object %u of catalog \"%s\"",
+ objectId, RelationGetRelationName(rel));
+
+ if (Anum_acl != InvalidAttrNumber)
+ {
+ datum = heap_getattr(tup, Anum_acl, RelationGetDescr(rel), &isnull);
+ if (!isnull)
+ {
+ table_close(rel, AccessShareLock);
+ PG_RETURN_DATUM(datum);
+ }
+ }
+
+ table_close(rel, AccessShareLock);
+ PG_RETURN_NULL();
+}
+
+
/*
* Return a palloc'ed string that describes the type of object that the
* passed address is for.
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index 53047cab5f..6a575ff03b 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -605,6 +605,44 @@ FROM
pg_shseclabel l
JOIN pg_authid rol ON l.classoid = rol.tableoid AND l.objoid = rol.oid;
+CREATE VIEW pg_privileges AS
+ SELECT
+ a.classid::regclass,
+ a.objid,
+ a.objsubid,
+ a.type,
+ a.schema,
+ a.name,
+ a.identity,
+ a.grantor::regrole,
+ a.grantee::regrole,
+ a.privilege_type,
+ a.is_grantable
+ FROM
+ (
+ SELECT
+ pg_shdepend.classid,
+ pg_shdepend.objid,
+ pg_shdepend.objsubid,
+ (pg_identify_object(pg_shdepend.classid,pg_shdepend.objid,pg_shdepend.objsubid)).*,
+ (pg_catalog.aclexplode(pg_catalog.pg_get_acl(pg_shdepend.classid,pg_shdepend.objid))).*
+ FROM pg_catalog.pg_shdepend
+ JOIN pg_catalog.pg_database ON pg_database.datname = current_database() AND pg_database.oid = pg_shdepend.dbid
+ JOIN pg_catalog.pg_authid ON pg_authid.oid = pg_shdepend.refobjid AND pg_shdepend.refclassid = 'pg_authid'::regclass
+ WHERE pg_shdepend.deptype = 'a'
+ ) AS a;
+
+CREATE VIEW pg_ownerships AS
+ SELECT
+ a.classid::regclass,
+ a.objid,
+ a.objsubid,
+ (pg_identify_object(a.classid,a.objid,a.objsubid)).*,a.refobjid::regrole AS owner
+ FROM pg_catalog.pg_shdepend AS a
+ JOIN pg_catalog.pg_database ON pg_database.datname = current_database() AND pg_database.oid = a.dbid
+ JOIN pg_catalog.pg_authid ON pg_authid.oid = a.refobjid AND a.refclassid = 'pg_authid'::regclass
+ WHERE a.deptype = 'o';
+
CREATE VIEW pg_settings AS
SELECT * FROM pg_show_all_settings() AS A;
diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat
index 6a5476d3c4..5ab9b11b47 100644
--- a/src/include/catalog/pg_proc.dat
+++ b/src/include/catalog/pg_proc.dat
@@ -6362,6 +6362,12 @@
proname => 'pg_describe_object', provolatile => 's', prorettype => 'text',
proargtypes => 'oid oid int4', prosrc => 'pg_describe_object' },
+{ oid => '6347', descr => 'get ACL for SQL object',
+ proname => 'pg_get_acl', provolatile => 's', prorettype => '_aclitem',
+ proargtypes => 'oid oid',
+ proargnames => '{classid,objid}',
+ prosrc => 'pg_get_acl' },
+
{ oid => '3839',
descr => 'get machine-parseable identification of SQL object',
proname => 'pg_identify_object', provolatile => 's', prorettype => 'record',
diff --git a/src/test/regress/expected/rules.out b/src/test/regress/expected/rules.out
index ef658ad740..2a82b672db 100644
--- a/src/test/regress/expected/rules.out
+++ b/src/test/regress/expected/rules.out
@@ -1397,6 +1397,18 @@ pg_matviews| SELECT n.nspname AS schemaname,
LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace)))
LEFT JOIN pg_tablespace t ON ((t.oid = c.reltablespace)))
WHERE (c.relkind = 'm'::"char");
+pg_ownerships| SELECT (a.classid)::regclass AS classid,
+ a.objid,
+ a.objsubid,
+ (pg_identify_object(a.classid, a.objid, a.objsubid)).type AS type,
+ (pg_identify_object(a.classid, a.objid, a.objsubid)).schema AS schema,
+ (pg_identify_object(a.classid, a.objid, a.objsubid)).name AS name,
+ (pg_identify_object(a.classid, a.objid, a.objsubid)).identity AS identity,
+ (a.refobjid)::regrole AS owner
+ FROM ((pg_shdepend a
+ JOIN pg_database ON (((pg_database.datname = current_database()) AND (pg_database.oid = a.dbid))))
+ JOIN pg_authid ON (((pg_authid.oid = a.refobjid) AND (a.refclassid = ('pg_authid'::regclass)::oid))))
+ WHERE (a.deptype = 'o'::"char");
pg_policies| SELECT n.nspname AS schemaname,
c.relname AS tablename,
pol.polname AS policyname,
@@ -1441,6 +1453,32 @@ pg_prepared_xacts| SELECT p.transaction,
FROM ((pg_prepared_xact() p(transaction, gid, prepared, ownerid, dbid)
LEFT JOIN pg_authid u ON ((p.ownerid = u.oid)))
LEFT JOIN pg_database d ON ((p.dbid = d.oid)));
+pg_privileges| SELECT (classid)::regclass AS classid,
+ objid,
+ objsubid,
+ type,
+ schema,
+ name,
+ identity,
+ (grantor)::regrole AS grantor,
+ (grantee)::regrole AS grantee,
+ privilege_type,
+ is_grantable
+ FROM ( SELECT pg_shdepend.classid,
+ pg_shdepend.objid,
+ pg_shdepend.objsubid,
+ (pg_identify_object(pg_shdepend.classid, pg_shdepend.objid, pg_shdepend.objsubid)).type AS type,
+ (pg_identify_object(pg_shdepend.classid, pg_shdepend.objid, pg_shdepend.objsubid)).schema AS schema,
+ (pg_identify_object(pg_shdepend.classid, pg_shdepend.objid, pg_shdepend.objsubid)).name AS name,
+ (pg_identify_object(pg_shdepend.classid, pg_shdepend.objid, pg_shdepend.objsubid)).identity AS identity,
+ (aclexplode(pg_get_acl(pg_shdepend.classid, pg_shdepend.objid))).grantor AS grantor,
+ (aclexplode(pg_get_acl(pg_shdepend.classid, pg_shdepend.objid))).grantee AS grantee,
+ (aclexplode(pg_get_acl(pg_shdepend.classid, pg_shdepend.objid))).privilege_type AS privilege_type,
+ (aclexplode(pg_get_acl(pg_shdepend.classid, pg_shdepend.objid))).is_grantable AS is_grantable
+ FROM ((pg_shdepend
+ JOIN pg_database ON (((pg_database.datname = current_database()) AND (pg_database.oid = pg_shdepend.dbid))))
+ JOIN pg_authid ON (((pg_authid.oid = pg_shdepend.refobjid) AND (pg_shdepend.refclassid = ('pg_authid'::regclass)::oid))))
+ WHERE (pg_shdepend.deptype = 'a'::"char")) a;
pg_publication_tables| SELECT p.pubname,
n.nspname AS schemaname,
c.relname AS tablename,