Contents
pg_parameter_acl
A system table storing information about individual GUC privileges
pg_parameter_acl
is a system catalogue table which stores information about configuration parameters for which privileges have been explicilty granted to one or more roles.
pg_parameter_acl
was added in PostgreSQL 15.
Usage
From PostgreSQL 15, permissions on individual configuration parameters can be explicitly granted to individual database users, using the syntax GRANT SET ON PARAMETER
or GRANT ALTER SYSTEM ON PARAMETER
(and correspondingly removed with rEVOKE
). These permissions are tracked via pg_parameter_acl
.
Change history
- PostgreSQL 15
- added (commit a0ffa885)
Examples
Example usage for pg_parameter_acl
:
postgres=> SET SESSION track_activities = off; ERROR: permission denied to set parameter "track_activities" postgres=> \c - postgres You are now connected to database "postgres" as user "postgres". postgres=# SELECT * FROM pg_parameter_acl ; oid | parname | paracl -----+---------+-------- (0 rows) postgres=# GRANT SET ON PARAMETER track_activities TO foo; GRANT postgres=# SELECT * FROM pg_parameter_acl; oid | parname | paracl -------+------------------+--------------------------------------- 16393 | track_activities | {postgres=sA/postgres,foo=s/postgres} (1 row) postgres=# \dconfig+ track_activities List of configuration parameters Parameter | Value | Type | Context | Access privileges ------------------+-------+------+-----------+---------------------- track_activities | on | bool | superuser | postgres=sA/postgres+ | | | | foo=s/postgres (1 row) postgres=# \c - foo You are now connected to database "postgres" as user "foo". postgres=> SET SESSION track_activities = off; SET
References
- PostgreSQL documentation: pg_parameter_acl