[PATCH v4 3/5] Don't use OBJECT_RELATION with aclcheck_error

Peter Eisentraut <peter_e@gmx.net>

From: Peter Eisentraut <peter_e@gmx.net>
To:
Date: 2018-01-16T18:32:03Z
Lists: pgsql-hackers
---
 contrib/dblink/dblink.c                        |   2 +-
 contrib/file_fdw/output/file_fdw.source        |   2 +-
 contrib/pg_prewarm/pg_prewarm.c                |   2 +-
 contrib/pgrowlocks/pgrowlocks.c                |   3 +-
 contrib/test_decoding/expected/permissions.out |   4 +-
 src/backend/catalog/aclchk.c                   |   8 +-
 src/backend/catalog/namespace.c                |   2 +-
 src/backend/catalog/objectaddress.c            |  25 +++++
 src/backend/commands/lockcmds.c                |   4 +-
 src/backend/commands/policy.c                  |   2 +-
 src/backend/commands/publicationcmds.c         |   2 +-
 src/backend/commands/statscmds.c               |   3 +-
 src/backend/commands/tablecmds.c               |  24 ++---
 src/backend/commands/trigger.c                 |   6 +-
 src/backend/executor/execMain.c                |   2 +-
 src/backend/parser/parse_utilcmd.c             |   2 +-
 src/backend/rewrite/rewriteDefine.c            |   6 +-
 src/backend/utils/adt/tid.c                    |   5 +-
 src/include/catalog/objectaddress.h            |   2 +
 src/test/regress/expected/alter_table.out      |   2 +-
 src/test/regress/expected/copy2.out            |   6 +-
 src/test/regress/expected/lock.out             |   2 +-
 src/test/regress/expected/privileges.out       | 144 ++++++++++++-------------
 src/test/regress/expected/publication.out      |   2 +-
 src/test/regress/expected/rowsecurity.out      |  18 ++--
 src/test/regress/expected/select_into.out      |   6 +-
 src/test/regress/expected/sequence.out         |   2 +-
 src/test/regress/expected/updatable_views.out  |  30 +++---
 28 files changed, 172 insertions(+), 146 deletions(-)

diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c
index 6b4d036d9e..742e2a20c3 100644
--- a/contrib/dblink/dblink.c
+++ b/contrib/dblink/dblink.c
@@ -2504,7 +2504,7 @@ get_rel_from_relname(text *relname_text, LOCKMODE lockmode, AclMode aclmode)
 	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
 								  aclmode);
 	if (aclresult != ACLCHECK_OK)
-		aclcheck_error(aclresult, OBJECT_RELATION,
+		aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
 					   RelationGetRelationName(rel));
 
 	return rel;
diff --git a/contrib/file_fdw/output/file_fdw.source b/contrib/file_fdw/output/file_fdw.source
index 709c43ec80..e2d8b87015 100644
--- a/contrib/file_fdw/output/file_fdw.source
+++ b/contrib/file_fdw/output/file_fdw.source
@@ -393,7 +393,7 @@ SELECT * FROM agg_text ORDER BY a;
 
 SET ROLE regress_no_priv_user;
 SELECT * FROM agg_text ORDER BY a;   -- ERROR
-ERROR:  permission denied for relation agg_text
+ERROR:  permission denied for foreign table agg_text
 SET ROLE regress_file_fdw_user;
 \t on
 EXPLAIN (VERBOSE, COSTS FALSE) SELECT * FROM agg_text WHERE a > 0;
diff --git a/contrib/pg_prewarm/pg_prewarm.c b/contrib/pg_prewarm/pg_prewarm.c
index bab01e6781..7755c1a6cf 100644
--- a/contrib/pg_prewarm/pg_prewarm.c
+++ b/contrib/pg_prewarm/pg_prewarm.c
@@ -107,7 +107,7 @@ pg_prewarm(PG_FUNCTION_ARGS)
 	rel = relation_open(relOid, AccessShareLock);
 	aclresult = pg_class_aclcheck(relOid, GetUserId(), ACL_SELECT);
 	if (aclresult != ACLCHECK_OK)
-		aclcheck_error(aclresult, OBJECT_RELATION, get_rel_name(relOid));
+		aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(relOid)), get_rel_name(relOid));
 
 	/* Check that the fork exists. */
 	RelationOpenSmgr(rel);
diff --git a/contrib/pgrowlocks/pgrowlocks.c b/contrib/pgrowlocks/pgrowlocks.c
index 38e10e59a8..576beb4fd4 100644
--- a/contrib/pgrowlocks/pgrowlocks.c
+++ b/contrib/pgrowlocks/pgrowlocks.c
@@ -35,6 +35,7 @@
 #include "storage/procarray.h"
 #include "utils/acl.h"
 #include "utils/builtins.h"
+#include "utils/lsyscache.h"
 #include "utils/rel.h"
 #include "utils/snapmgr.h"
 #include "utils/tqual.h"
@@ -121,7 +122,7 @@ pgrowlocks(PG_FUNCTION_ARGS)
 			aclresult = is_member_of_role(GetUserId(), DEFAULT_ROLE_STAT_SCAN_TABLES) ? ACLCHECK_OK : ACLCHECK_NO_PRIV;
 
 		if (aclresult != ACLCHECK_OK)
-			aclcheck_error(aclresult, OBJECT_RELATION,
+			aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
 						   RelationGetRelationName(rel));
 
 		scan = heap_beginscan(rel, GetActiveSnapshot(), 0, NULL);
diff --git a/contrib/test_decoding/expected/permissions.out b/contrib/test_decoding/expected/permissions.out
index 7175dcd5f6..ed97f81dda 100644
--- a/contrib/test_decoding/expected/permissions.out
+++ b/contrib/test_decoding/expected/permissions.out
@@ -38,7 +38,7 @@ SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_d
 (1 row)
 
 INSERT INTO lr_test VALUES('lr_superuser_init');
-ERROR:  permission denied for relation lr_test
+ERROR:  permission denied for table lr_test
 SELECT data FROM pg_logical_slot_get_changes('regression_slot', NULL, NULL, 'include-xids', '0', 'skip-empty-xacts', '1');
  data 
 ------
@@ -56,7 +56,7 @@ SET ROLE regress_lr_normal;
 SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
 ERROR:  must be superuser or replication role to use replication slots
 INSERT INTO lr_test VALUES('lr_superuser_init');
-ERROR:  permission denied for relation lr_test
+ERROR:  permission denied for table lr_test
 SELECT data FROM pg_logical_slot_get_changes('regression_slot', NULL, NULL, 'include-xids', '0', 'skip-empty-xacts', '1');
 ERROR:  must be superuser or replication role to use replication slots
 SELECT pg_drop_replication_slot('regression_slot');
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 2e07d75ef4..a9cf354357 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -3428,9 +3428,6 @@ aclcheck_error(AclResult aclerr, ObjectType objtype,
 					case OBJECT_PUBLICATION:
 						msg = gettext_noop("permission denied for publication %s");
 						break;
-					case OBJECT_RELATION:
-						msg = gettext_noop("permission denied for relation %s");
-						break;
 					case OBJECT_ROUTINE:
 						msg = gettext_noop("permission denied for routine %s");
 						break;
@@ -3474,6 +3471,7 @@ aclcheck_error(AclResult aclerr, ObjectType objtype,
 					case OBJECT_DEFACL:
 					case OBJECT_DOMCONSTRAINT:
 					case OBJECT_PUBLICATION_REL:
+					case OBJECT_RELATION:
 					case OBJECT_ROLE:
 					case OBJECT_RULE:
 					case OBJECT_TABCONSTRAINT:
@@ -3563,9 +3561,6 @@ aclcheck_error(AclResult aclerr, ObjectType objtype,
 					case OBJECT_PUBLICATION:
 						msg = gettext_noop("must be owner of publication %s");
 						break;
-					case OBJECT_RELATION:
-						msg = gettext_noop("must be owner of relation %s");
-						break;
 					case OBJECT_ROUTINE:
 						msg = gettext_noop("must be owner of routine %s");
 						break;
@@ -3609,6 +3604,7 @@ aclcheck_error(AclResult aclerr, ObjectType objtype,
 					case OBJECT_DEFACL:
 					case OBJECT_DOMCONSTRAINT:
 					case OBJECT_PUBLICATION_REL:
+					case OBJECT_RELATION:
 					case OBJECT_ROLE:
 					case OBJECT_RULE:
 					case OBJECT_TABCONSTRAINT:
diff --git a/src/backend/catalog/namespace.c b/src/backend/catalog/namespace.c
index 75636e6dab..8b9f993815 100644
--- a/src/backend/catalog/namespace.c
+++ b/src/backend/catalog/namespace.c
@@ -585,7 +585,7 @@ RangeVarGetAndCheckCreationNamespace(RangeVar *relation,
 		if (lockmode != NoLock && OidIsValid(relid))
 		{
 			if (!pg_class_ownercheck(relid, GetUserId()))
-				aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+				aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relid)),
 							   relation->relname);
 			if (relid != oldrelid)
 				LockRelationOid(relid, lockmode);
diff --git a/src/backend/catalog/objectaddress.c b/src/backend/catalog/objectaddress.c
index 9be365f50d..d691b25aa6 100644
--- a/src/backend/catalog/objectaddress.c
+++ b/src/backend/catalog/objectaddress.c
@@ -5097,3 +5097,28 @@ strlist_to_textarray(List *list)
 
 	return arr;
 }
+
+ObjectType
+relkind_get_objtype(char relkind)
+{
+	switch (relkind)
+	{
+		case RELKIND_RELATION:
+		case RELKIND_PARTITIONED_TABLE:
+			return OBJECT_TABLE;
+		case RELKIND_INDEX:
+			return OBJECT_INDEX;
+		case RELKIND_SEQUENCE:
+			return OBJECT_SEQUENCE;
+		case RELKIND_VIEW:
+			return OBJECT_VIEW;
+		case RELKIND_MATVIEW:
+			return OBJECT_MATVIEW;
+		case RELKIND_FOREIGN_TABLE:
+			return OBJECT_FOREIGN_TABLE;
+		/* other relkinds are not supported here because they don't map to OBJECT_* values */
+		default:
+			elog(ERROR, "unexpected relkind: %d", relkind);
+			return 0;
+	}
+}
diff --git a/src/backend/commands/lockcmds.c b/src/backend/commands/lockcmds.c
index aa54565716..0d7c18d0bd 100644
--- a/src/backend/commands/lockcmds.c
+++ b/src/backend/commands/lockcmds.c
@@ -96,7 +96,7 @@ RangeVarCallbackForLockTable(const RangeVar *rv, Oid relid, Oid oldrelid,
 	/* Check permissions. */
 	aclresult = LockTableAclCheck(relid, lockmode);
 	if (aclresult != ACLCHECK_OK)
-		aclcheck_error(aclresult, OBJECT_RELATION, rv->relname);
+		aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(relid)), rv->relname);
 }
 
 /*
@@ -127,7 +127,7 @@ LockTableRecurse(Oid reloid, LOCKMODE lockmode, bool nowait)
 
 			if (!relname)
 				continue;		/* child concurrently dropped, just skip it */
-			aclcheck_error(aclresult, OBJECT_RELATION, relname);
+			aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(childreloid)), relname);
 		}
 
 		/* We have enough rights to lock the relation; do so. */
diff --git a/src/backend/commands/policy.c b/src/backend/commands/policy.c
index 2ec35abf8f..76b5bfd34b 100644
--- a/src/backend/commands/policy.c
+++ b/src/backend/commands/policy.c
@@ -78,7 +78,7 @@ RangeVarCallbackForPolicy(const RangeVar *rv, Oid relid, Oid oldrelid,
 
 	/* Must own relation. */
 	if (!pg_class_ownercheck(relid, GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
+		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relid)), rv->relname);
 
 	/* No system table modifications unless explicitly allowed. */
 	if (!allowSystemTableMods && IsSystemClass(relid, classform))
diff --git a/src/backend/commands/publicationcmds.c b/src/backend/commands/publicationcmds.c
index 0cc62c77bd..d248e063a8 100644
--- a/src/backend/commands/publicationcmds.c
+++ b/src/backend/commands/publicationcmds.c
@@ -582,7 +582,7 @@ PublicationAddTables(Oid pubid, List *rels, bool if_not_exists,
 
 		/* Must be owner of the table or superuser. */
 		if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
-			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+			aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
 						   RelationGetRelationName(rel));
 
 		obj = publication_add_relation(pubid, rel, if_not_exists);
diff --git a/src/backend/commands/statscmds.c b/src/backend/commands/statscmds.c
index 8a0cc6c2cf..89237c48ce 100644
--- a/src/backend/commands/statscmds.c
+++ b/src/backend/commands/statscmds.c
@@ -25,6 +25,7 @@
 #include "statistics/statistics.h"
 #include "utils/builtins.h"
 #include "utils/inval.h"
+#include "utils/lsyscache.h"
 #include "utils/memutils.h"
 #include "utils/rel.h"
 #include "utils/syscache.h"
@@ -141,7 +142,7 @@ CreateStatistics(CreateStatsStmt *stmt)
 
 		/* You must own the relation to create stats on it */
 		if (!pg_class_ownercheck(RelationGetRelid(rel), stxowner))
-			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+			aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
 						   RelationGetRelationName(rel));
 	}
 
diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c
index 38bfd29cd9..a5c8d4443d 100644
--- a/src/backend/commands/tablecmds.c
+++ b/src/backend/commands/tablecmds.c
@@ -1192,7 +1192,7 @@ RangeVarCallbackForDropRelation(const RangeVar *rel, Oid relOid, Oid oldRelOid,
 	/* Allow DROP to either table owner or schema owner */
 	if (!pg_class_ownercheck(relOid, GetUserId()) &&
 		!pg_namespace_ownercheck(classform->relnamespace, GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relOid)),
 					   rel->relname);
 
 	if (!allowSystemTableMods && IsSystemClass(relOid, classform))
@@ -1562,7 +1562,7 @@ truncate_check_rel(Relation rel)
 	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
 								  ACL_TRUNCATE);
 	if (aclresult != ACLCHECK_OK)
-		aclcheck_error(aclresult, OBJECT_RELATION,
+		aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
 					   RelationGetRelationName(rel));
 
 	if (!allowSystemTableMods && IsSystemRelation(rel))
@@ -1848,7 +1848,7 @@ MergeAttributes(List *schema, List *supers, char relpersistence,
 		 * demand that creator of a child table own the parent.
 		 */
 		if (!pg_class_ownercheck(RelationGetRelid(relation), GetUserId()))
-			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+			aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(RelationGetRelid(relation))),
 						   RelationGetRelationName(relation));
 
 		/*
@@ -2551,7 +2551,7 @@ renameatt_check(Oid myrelid, Form_pg_class classform, bool recursing)
 	 * permissions checking.  only the owner of a class can change its schema.
 	 */
 	if (!pg_class_ownercheck(myrelid, GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(myrelid)),
 					   NameStr(classform->relname));
 	if (!allowSystemTableMods && IsSystemClass(myrelid, classform))
 		ereport(ERROR,
@@ -4769,7 +4769,7 @@ ATSimplePermissions(Relation rel, int allowed_targets)
 
 	/* Permissions checks */
 	if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
 					   RelationGetRelationName(rel));
 
 	if (!allowSystemTableMods && IsSystemRelation(rel))
@@ -6212,7 +6212,7 @@ ATPrepSetStatistics(Relation rel, const char *colName, int16 colNum, Node *newVa
 
 	/* Permissions checks */
 	if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
 					   RelationGetRelationName(rel));
 }
 
@@ -8136,7 +8136,7 @@ checkFkeyPermissions(Relation rel, int16 *attnums, int natts)
 		aclresult = pg_attribute_aclcheck(RelationGetRelid(rel), attnums[i],
 										  roleid, ACL_REFERENCES);
 		if (aclresult != ACLCHECK_OK)
-			aclcheck_error(aclresult, OBJECT_RELATION,
+			aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
 						   RelationGetRelationName(rel));
 	}
 }
@@ -10046,7 +10046,7 @@ ATExecChangeOwner(Oid relationOid, Oid newOwnerId, bool recursing, LOCKMODE lock
 
 				/* Otherwise, must be owner of the existing object */
 				if (!pg_class_ownercheck(relationOid, GetUserId()))
-					aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+					aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relationOid)),
 								   RelationGetRelationName(target_rel));
 
 				/* Must be able to become new owner */
@@ -10856,7 +10856,7 @@ AlterTableMoveAll(AlterTableMoveAllStmt *stmt)
 		 * Caller must be considered an owner on the table to move it.
 		 */
 		if (!pg_class_ownercheck(relOid, GetUserId()))
-			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+			aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relOid)),
 						   NameStr(relForm->relname));
 
 		if (stmt->nowait &&
@@ -13101,7 +13101,7 @@ RangeVarCallbackOwnsTable(const RangeVar *relation,
 
 	/* Check permissions */
 	if (!pg_class_ownercheck(relId, GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, relation->relname);
+		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relId)), relation->relname);
 }
 
 /*
@@ -13123,7 +13123,7 @@ RangeVarCallbackOwnsRelation(const RangeVar *relation,
 		elog(ERROR, "cache lookup failed for relation %u", relId);
 
 	if (!pg_class_ownercheck(relId, GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relId)),
 					   relation->relname);
 
 	if (!allowSystemTableMods &&
@@ -13159,7 +13159,7 @@ RangeVarCallbackForAlterRelation(const RangeVar *rv, Oid relid, Oid oldrelid,
 
 	/* Must own relation. */
 	if (!pg_class_ownercheck(relid, GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
+		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relid)), rv->relname);
 
 	/* No system table modifications unless explicitly allowed. */
 	if (!allowSystemTableMods && IsSystemClass(relid, classform))
diff --git a/src/backend/commands/trigger.c b/src/backend/commands/trigger.c
index 438653f310..0bda470dd2 100644
--- a/src/backend/commands/trigger.c
+++ b/src/backend/commands/trigger.c
@@ -284,7 +284,7 @@ CreateTrigger(CreateTrigStmt *stmt, const char *queryString,
 		aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
 									  ACL_TRIGGER);
 		if (aclresult != ACLCHECK_OK)
-			aclcheck_error(aclresult, OBJECT_RELATION,
+			aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
 						   RelationGetRelationName(rel));
 
 		if (OidIsValid(constrrelid))
@@ -292,7 +292,7 @@ CreateTrigger(CreateTrigStmt *stmt, const char *queryString,
 			aclresult = pg_class_aclcheck(constrrelid, GetUserId(),
 										  ACL_TRIGGER);
 			if (aclresult != ACLCHECK_OK)
-				aclcheck_error(aclresult, OBJECT_RELATION,
+				aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(constrrelid)),
 							   get_rel_name(constrrelid));
 		}
 	}
@@ -1422,7 +1422,7 @@ RangeVarCallbackForRenameTrigger(const RangeVar *rv, Oid relid, Oid oldrelid,
 
 	/* you must own the table to rename one of its triggers */
 	if (!pg_class_ownercheck(relid, GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
+		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relid)), rv->relname);
 	if (!allowSystemTableMods && IsSystemClass(relid, form))
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c
index 64a43822bb..97c461b480 100644
--- a/src/backend/executor/execMain.c
+++ b/src/backend/executor/execMain.c
@@ -579,7 +579,7 @@ ExecCheckRTPerms(List *rangeTable, bool ereport_on_violation)
 		{
 			Assert(rte->rtekind == RTE_RELATION);
 			if (ereport_on_violation)
-				aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_RELATION,
+				aclcheck_error(ACLCHECK_NO_PRIV, relkind_get_objtype(get_rel_relkind(rte->relid)),
 							   get_rel_name(rte->relid));
 			return false;
 		}
diff --git a/src/backend/parser/parse_utilcmd.c b/src/backend/parser/parse_utilcmd.c
index e7df455634..a31ce08449 100644
--- a/src/backend/parser/parse_utilcmd.c
+++ b/src/backend/parser/parse_utilcmd.c
@@ -962,7 +962,7 @@ transformTableLikeClause(CreateStmtContext *cxt, TableLikeClause *table_like_cla
 		aclresult = pg_class_aclcheck(RelationGetRelid(relation), GetUserId(),
 									  ACL_SELECT);
 		if (aclresult != ACLCHECK_OK)
-			aclcheck_error(aclresult, OBJECT_RELATION,
+			aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(relation))),
 						   RelationGetRelationName(relation));
 	}
 
diff --git a/src/backend/rewrite/rewriteDefine.c b/src/backend/rewrite/rewriteDefine.c
index 7eca67a52f..078e549e6d 100644
--- a/src/backend/rewrite/rewriteDefine.c
+++ b/src/backend/rewrite/rewriteDefine.c
@@ -276,7 +276,7 @@ DefineQueryRewrite(const char *rulename,
 	 * Check user has permission to apply rules to this relation.
 	 */
 	if (!pg_class_ownercheck(event_relid, GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(RelationGetRelid(event_relation))),
 					   RelationGetRelationName(event_relation));
 
 	/*
@@ -864,7 +864,7 @@ EnableDisableRule(Relation rel, const char *rulename,
 	eventRelationOid = ((Form_pg_rewrite) GETSTRUCT(ruletup))->ev_class;
 	Assert(eventRelationOid == owningRel);
 	if (!pg_class_ownercheck(eventRelationOid, GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
+		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(eventRelationOid)),
 					   get_rel_name(eventRelationOid));
 
 	/*
@@ -927,7 +927,7 @@ RangeVarCallbackForRenameRule(const RangeVar *rv, Oid relid, Oid oldrelid,
 
 	/* you must own the table to rename one of its rules */
 	if (!pg_class_ownercheck(relid, GetUserId()))
-		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
+		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relid)), rv->relname);
 
 	ReleaseSysCache(tuple);
 }
diff --git a/src/backend/utils/adt/tid.c b/src/backend/utils/adt/tid.c
index 4aa8122fa2..12efc85d06 100644
--- a/src/backend/utils/adt/tid.c
+++ b/src/backend/utils/adt/tid.c
@@ -29,6 +29,7 @@
 #include "parser/parsetree.h"
 #include "utils/acl.h"
 #include "utils/builtins.h"
+#include "utils/lsyscache.h"
 #include "utils/rel.h"
 #include "utils/snapmgr.h"
 #include "utils/tqual.h"
@@ -343,7 +344,7 @@ currtid_byreloid(PG_FUNCTION_ARGS)
 	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
 								  ACL_SELECT);
 	if (aclresult != ACLCHECK_OK)
-		aclcheck_error(aclresult, OBJECT_RELATION,
+		aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
 					   RelationGetRelationName(rel));
 
 	if (rel->rd_rel->relkind == RELKIND_VIEW)
@@ -377,7 +378,7 @@ currtid_byrelname(PG_FUNCTION_ARGS)
 	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
 								  ACL_SELECT);
 	if (aclresult != ACLCHECK_OK)
-		aclcheck_error(aclresult, OBJECT_RELATION,
+		aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
 					   RelationGetRelationName(rel));
 
 	if (rel->rd_rel->relkind == RELKIND_VIEW)
diff --git a/src/include/catalog/objectaddress.h b/src/include/catalog/objectaddress.h
index 403e8bb2af..43819304eb 100644
--- a/src/include/catalog/objectaddress.h
+++ b/src/include/catalog/objectaddress.h
@@ -78,4 +78,6 @@ extern char *getObjectIdentityParts(const ObjectAddress *address,
 					   List **objname, List **objargs);
 extern ArrayType *strlist_to_textarray(List *list);
 
+extern ObjectType relkind_get_objtype(char relkind);
+
 #endif							/* OBJECTADDRESS_H */
diff --git a/src/test/regress/expected/alter_table.out b/src/test/regress/expected/alter_table.out
index 11f0baa11b..b998dab6ab 100644
--- a/src/test/regress/expected/alter_table.out
+++ b/src/test/regress/expected/alter_table.out
@@ -3303,7 +3303,7 @@ CREATE TABLE owned_by_me (
 	a int
 ) PARTITION BY LIST (a);
 ALTER TABLE owned_by_me ATTACH PARTITION not_owned_by_me FOR VALUES IN (1);
-ERROR:  must be owner of relation not_owned_by_me
+ERROR:  must be owner of table not_owned_by_me
 RESET SESSION AUTHORIZATION;
 DROP TABLE owned_by_me, not_owned_by_me;
 DROP ROLE regress_test_not_me;
diff --git a/src/test/regress/expected/copy2.out b/src/test/regress/expected/copy2.out
index 65e9c626b3..e606a5fda4 100644
--- a/src/test/regress/expected/copy2.out
+++ b/src/test/regress/expected/copy2.out
@@ -521,12 +521,12 @@ RESET SESSION AUTHORIZATION;
 SET SESSION AUTHORIZATION regress_rls_copy_user_colperms;
 -- attempt all columns (should fail)
 COPY rls_t1 TO stdout;
-ERROR:  permission denied for relation rls_t1
+ERROR:  permission denied for table rls_t1
 COPY rls_t1 (a, b, c) TO stdout;
-ERROR:  permission denied for relation rls_t1
+ERROR:  permission denied for table rls_t1
 -- try to copy column with no privileges (should fail)
 COPY rls_t1 (c) TO stdout;
-ERROR:  permission denied for relation rls_t1
+ERROR:  permission denied for table rls_t1
 -- subset of columns (should succeed)
 COPY rls_t1 (a) TO stdout;
 2
diff --git a/src/test/regress/expected/lock.out b/src/test/regress/expected/lock.out
index fd27344503..74a434d24d 100644
--- a/src/test/regress/expected/lock.out
+++ b/src/test/regress/expected/lock.out
@@ -45,7 +45,7 @@ GRANT UPDATE ON TABLE lock_tbl1 TO regress_rol_lock1;
 SET ROLE regress_rol_lock1;
 BEGIN;
 LOCK TABLE lock_tbl1 * IN ACCESS EXCLUSIVE MODE;
-ERROR:  permission denied for relation lock_tbl2
+ERROR:  permission denied for table lock_tbl2
 ROLLBACK;
 BEGIN;
 LOCK TABLE ONLY lock_tbl1;
diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
index 87e9211f6a..cf53b37383 100644
--- a/src/test/regress/expected/privileges.out
+++ b/src/test/regress/expected/privileges.out
@@ -92,11 +92,11 @@ SELECT * FROM atest2; -- ok
 
 INSERT INTO atest1 VALUES (2, 'two'); -- ok
 INSERT INTO atest2 VALUES ('foo', true); -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 INSERT INTO atest1 SELECT 1, b FROM atest1; -- ok
 UPDATE atest1 SET a = 1 WHERE a = 2; -- ok
 UPDATE atest2 SET col2 = NOT col2; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 SELECT * FROM atest1 FOR UPDATE; -- ok
  a |  b  
 ---+-----
@@ -105,17 +105,17 @@ SELECT * FROM atest1 FOR UPDATE; -- ok
 (2 rows)
 
 SELECT * FROM atest2 FOR UPDATE; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 DELETE FROM atest2; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 TRUNCATE atest2; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 BEGIN;
 LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 COMMIT;
 COPY atest2 FROM stdin; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 GRANT ALL ON atest1 TO PUBLIC; -- fail
 WARNING:  no privileges were granted for "atest1"
 -- checks in subquery, both ok
@@ -144,37 +144,37 @@ SELECT * FROM atest1; -- ok
 (2 rows)
 
 SELECT * FROM atest2; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 INSERT INTO atest1 VALUES (2, 'two'); -- fail
-ERROR:  permission denied for relation atest1
+ERROR:  permission denied for table atest1
 INSERT INTO atest2 VALUES ('foo', true); -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 INSERT INTO atest1 SELECT 1, b FROM atest1; -- fail
-ERROR:  permission denied for relation atest1
+ERROR:  permission denied for table atest1
 UPDATE atest1 SET a = 1 WHERE a = 2; -- fail
-ERROR:  permission denied for relation atest1
+ERROR:  permission denied for table atest1
 UPDATE atest2 SET col2 = NULL; -- ok
 UPDATE atest2 SET col2 = NOT col2; -- fails; requires SELECT on atest2
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 UPDATE atest2 SET col2 = true FROM atest1 WHERE atest1.a = 5; -- ok
 SELECT * FROM atest1 FOR UPDATE; -- fail
-ERROR:  permission denied for relation atest1
+ERROR:  permission denied for table atest1
 SELECT * FROM atest2 FOR UPDATE; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 DELETE FROM atest2; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 TRUNCATE atest2; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 BEGIN;
 LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- ok
 COMMIT;
 COPY atest2 FROM stdin; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 -- checks in subquery, both fail
 SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 SET SESSION AUTHORIZATION regress_user4;
 COPY atest2 FROM stdin; -- ok
 SELECT * FROM atest1; -- ok
@@ -234,7 +234,7 @@ CREATE OPERATOR >>> (procedure = leak2, leftarg = integer, rightarg = integer,
                      restrict = scalargtsel);
 -- This should not show any "leak" notices before failing.
 EXPLAIN (COSTS OFF) SELECT * FROM atest12 WHERE a >>> 0;
-ERROR:  permission denied for relation atest12
+ERROR:  permission denied for table atest12
 -- This plan should use hashjoin, as it will expect many rows to be selected.
 EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
                 QUERY PLAN                 
@@ -287,7 +287,7 @@ CREATE TABLE atest3 (one int, two int, three int);
 GRANT DELETE ON atest3 TO GROUP regress_group2;
 SET SESSION AUTHORIZATION regress_user1;
 SELECT * FROM atest3; -- fail
-ERROR:  permission denied for relation atest3
+ERROR:  permission denied for table atest3
 DELETE FROM atest3; -- ok
 -- views
 SET SESSION AUTHORIZATION regress_user3;
@@ -305,7 +305,7 @@ SELECT * FROM atestv1; -- ok
 (2 rows)
 
 SELECT * FROM atestv2; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 GRANT SELECT ON atestv1, atestv3 TO regress_user4;
 GRANT SELECT ON atestv2 TO regress_user2;
 SET SESSION AUTHORIZATION regress_user4;
@@ -317,28 +317,28 @@ SELECT * FROM atestv1; -- ok
 (2 rows)
 
 SELECT * FROM atestv2; -- fail
-ERROR:  permission denied for relation atestv2
+ERROR:  permission denied for view atestv2
 SELECT * FROM atestv3; -- ok
  one | two | three 
 -----+-----+-------
 (0 rows)
 
 SELECT * FROM atestv0; -- fail
-ERROR:  permission denied for relation atestv0
+ERROR:  permission denied for view atestv0
 -- Appendrels excluded by constraints failed to check permissions in 8.4-9.2.
 select * from
   ((select a.q1 as x from int8_tbl a offset 0)
    union all
    (select b.q2 as x from int8_tbl b offset 0)) ss
 where false;
-ERROR:  permission denied for relation int8_tbl
+ERROR:  permission denied for table int8_tbl
 set constraint_exclusion = on;
 select * from
   ((select a.q1 as x, random() from int8_tbl a where q1 > 0)
    union all
    (select b.q2 as x, random() from int8_tbl b where q2 > 0)) ss
 where x < 0;
-ERROR:  permission denied for relation int8_tbl
+ERROR:  permission denied for table int8_tbl
 reset constraint_exclusion;
 CREATE VIEW atestv4 AS SELECT * FROM atestv3; -- nested view
 SELECT * FROM atestv4; -- ok
@@ -350,7 +350,7 @@ GRANT SELECT ON atestv4 TO regress_user2;
 SET SESSION AUTHORIZATION regress_user2;
 -- Two complex cases:
 SELECT * FROM atestv3; -- fail
-ERROR:  permission denied for relation atestv3
+ERROR:  permission denied for view atestv3
 SELECT * FROM atestv4; -- ok (even though regress_user2 cannot access underlying atestv3)
  one | two | three 
 -----+-----+-------
@@ -363,7 +363,7 @@ SELECT * FROM atest2; -- ok
 (1 row)
 
 SELECT * FROM atestv2; -- fail (even though regress_user2 can access underlying atest2)
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 -- Test column level permissions
 SET SESSION AUTHORIZATION regress_user1;
 CREATE TABLE atest5 (one int, two int unique, three int, four int unique);
@@ -373,7 +373,7 @@ GRANT ALL (one) ON atest5 TO regress_user3;
 INSERT INTO atest5 VALUES (1,2,3);
 SET SESSION AUTHORIZATION regress_user4;
 SELECT * FROM atest5; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SELECT one FROM atest5; -- ok
  one 
 -----
@@ -383,13 +383,13 @@ SELECT one FROM atest5; -- ok
 COPY atest5 (one) TO stdout; -- ok
 1
 SELECT two FROM atest5; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 COPY atest5 (two) TO stdout; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SELECT atest5 FROM atest5; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 COPY atest5 (one,two) TO stdout; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SELECT 1 FROM atest5; -- ok
  ?column? 
 ----------
@@ -403,15 +403,15 @@ SELECT 1 FROM atest5 a JOIN atest5 b USING (one); -- ok
 (1 row)
 
 SELECT 1 FROM atest5 a JOIN atest5 b USING (two); -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SELECT 1 FROM atest5 a NATURAL JOIN atest5 b; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SELECT (j.*) IS NULL FROM (atest5 a JOIN atest5 b USING (one)) j; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SELECT 1 FROM atest5 WHERE two = 2; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SELECT * FROM atest1, atest5; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SELECT atest1.* FROM atest1, atest5; -- ok
  a |  b  
 ---+-----
@@ -427,7 +427,7 @@ SELECT atest1.*,atest5.one FROM atest1, atest5; -- ok
 (2 rows)
 
 SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.two); -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.one); -- ok
  a |  b  | one 
 ---+-----+-----
@@ -436,12 +436,12 @@ SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.one); -
 (2 rows)
 
 SELECT one, two FROM atest5; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SET SESSION AUTHORIZATION regress_user1;
 GRANT SELECT (one,two) ON atest6 TO regress_user4;
 SET SESSION AUTHORIZATION regress_user4;
 SELECT one, two FROM atest5 NATURAL JOIN atest6; -- fail still
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SET SESSION AUTHORIZATION regress_user1;
 GRANT SELECT (two) ON atest5 TO regress_user4;
 SET SESSION AUTHORIZATION regress_user4;
@@ -453,23 +453,23 @@ SELECT one, two FROM atest5 NATURAL JOIN atest6; -- ok now
 -- test column-level privileges for INSERT and UPDATE
 INSERT INTO atest5 (two) VALUES (3); -- ok
 COPY atest5 FROM stdin; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 COPY atest5 (two) FROM stdin; -- ok
 INSERT INTO atest5 (three) VALUES (4); -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 INSERT INTO atest5 VALUES (5,5,5); -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 UPDATE atest5 SET three = 10; -- ok
 UPDATE atest5 SET one = 8; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 UPDATE atest5 SET three = 5, one = 2; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 -- Check that column level privs are enforced in RETURNING
 -- Ok.
 INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = 10;
 -- Error. No SELECT on column three.
 INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = 10 RETURNING atest5.three;
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 -- Ok.  May SELECT on column "one":
 INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = 10 RETURNING atest5.one;
  one 
@@ -482,21 +482,21 @@ INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = 10 RE
 INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = EXCLUDED.one;
 -- Error. No select rights on three
 INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = EXCLUDED.three;
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set one = 8; -- fails (due to UPDATE)
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 INSERT INTO atest5(three) VALUES (4) ON CONFLICT (two) DO UPDATE set three = 10; -- fails (due to INSERT)
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 -- Check that the columns in the inference require select privileges
 INSERT INTO atest5(four) VALUES (4); -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SET SESSION AUTHORIZATION regress_user1;
 GRANT INSERT (four) ON atest5 TO regress_user4;
 SET SESSION AUTHORIZATION regress_user4;
 INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- fails (due to SELECT)
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- fails (due to SELECT)
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 INSERT INTO atest5(four) VALUES (4); -- ok
 SET SESSION AUTHORIZATION regress_user1;
 GRANT SELECT (four) ON atest5 TO regress_user4;
@@ -508,9 +508,9 @@ REVOKE ALL (one) ON atest5 FROM regress_user4;
 GRANT SELECT (one,two,blue) ON atest6 TO regress_user4;
 SET SESSION AUTHORIZATION regress_user4;
 SELECT one FROM atest5; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 UPDATE atest5 SET one = 1; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SELECT atest6 FROM atest6; -- ok
  atest6 
 --------
@@ -557,9 +557,9 @@ REVOKE ALL (one) ON atest5 FROM regress_user3;
 GRANT SELECT (one) ON atest5 TO regress_user4;
 SET SESSION AUTHORIZATION regress_user4;
 SELECT atest6 FROM atest6; -- fail
-ERROR:  permission denied for relation atest6
+ERROR:  permission denied for table atest6
 SELECT one FROM atest5 NATURAL JOIN atest6; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 SET SESSION AUTHORIZATION regress_user1;
 ALTER TABLE atest6 DROP COLUMN three;
 SET SESSION AUTHORIZATION regress_user4;
@@ -578,12 +578,12 @@ ALTER TABLE atest6 DROP COLUMN two;
 REVOKE SELECT (one,blue) ON atest6 FROM regress_user4;
 SET SESSION AUTHORIZATION regress_user4;
 SELECT * FROM atest6; -- fail
-ERROR:  permission denied for relation atest6
+ERROR:  permission denied for table atest6
 SELECT 1 FROM atest6; -- fail
-ERROR:  permission denied for relation atest6
+ERROR:  permission denied for table atest6
 SET SESSION AUTHORIZATION regress_user3;
 DELETE FROM atest5 WHERE one = 1; -- fail
-ERROR:  permission denied for relation atest5
+ERROR:  permission denied for table atest5
 DELETE FROM atest5 WHERE two = 2; -- ok
 -- check inheritance cases
 SET SESSION AUTHORIZATION regress_user1;
@@ -614,7 +614,7 @@ SELECT oid FROM atestp2; -- ok
 (0 rows)
 
 SELECT fy FROM atestc; -- fail
-ERROR:  permission denied for relation atestc
+ERROR:  permission denied for table atestc
 SET SESSION AUTHORIZATION regress_user1;
 GRANT SELECT(fy,oid) ON atestc TO regress_user2;
 SET SESSION AUTHORIZATION regress_user2;
@@ -698,7 +698,7 @@ ERROR:  permission denied for aggregate testagg1
 CALL testproc1(6); -- fail
 ERROR:  permission denied for procedure testproc1
 SELECT col1 FROM atest2 WHERE col2 = true; -- fail
-ERROR:  permission denied for relation atest2
+ERROR:  permission denied for table atest2
 SELECT testfunc4(true); -- ok
  testfunc4 
 -----------
@@ -849,7 +849,7 @@ DROP DOMAIN testdomain1; -- ok
 SET SESSION AUTHORIZATION regress_user5;
 TRUNCATE atest2; -- ok
 TRUNCATE atest3; -- fail
-ERROR:  permission denied for relation atest3
+ERROR:  permission denied for table atest3
 -- has_table_privilege function
 -- bad-input checks
 select has_table_privilege(NULL,'pg_authid','select');
@@ -1435,7 +1435,7 @@ SELECT * FROM pg_largeobject LIMIT 0;
 
 SET SESSION AUTHORIZATION regress_user1;
 SELECT * FROM pg_largeobject LIMIT 0;			-- to be denied
-ERROR:  permission denied for relation pg_largeobject
+ERROR:  permission denied for table pg_largeobject
 -- test default ACLs
 \c -
 CREATE SCHEMA testns;
@@ -1899,14 +1899,14 @@ GRANT SELECT ON lock_table TO regress_locktable_user;
 SET SESSION AUTHORIZATION regress_locktable_user;
 BEGIN;
 LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should fail
-ERROR:  permission denied for relation lock_table
+ERROR:  permission denied for table lock_table
 ROLLBACK;
 BEGIN;
 LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should pass
 COMMIT;
 BEGIN;
 LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should fail
-ERROR:  permission denied for relation lock_table
+ERROR:  permission denied for table lock_table
 ROLLBACK;
 \c
 REVOKE SELECT ON lock_table FROM regress_locktable_user;
@@ -1918,11 +1918,11 @@ LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
 COMMIT;
 BEGIN;
 LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should fail
-ERROR:  permission denied for relation lock_table
+ERROR:  permission denied for table lock_table
 ROLLBACK;
 BEGIN;
 LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should fail
-ERROR:  permission denied for relation lock_table
+ERROR:  permission denied for table lock_table
 ROLLBACK;
 \c
 REVOKE INSERT ON lock_table FROM regress_locktable_user;
@@ -1934,7 +1934,7 @@ LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
 COMMIT;
 BEGIN;
 LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should fail
-ERROR:  permission denied for relation lock_table
+ERROR:  permission denied for table lock_table
 ROLLBACK;
 BEGIN;
 LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should pass
@@ -1949,7 +1949,7 @@ LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
 COMMIT;
 BEGIN;
 LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should fail
-ERROR:  permission denied for relation lock_table
+ERROR:  permission denied for table lock_table
 ROLLBACK;
 BEGIN;
 LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should pass
@@ -1964,7 +1964,7 @@ LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
 COMMIT;
 BEGIN;
 LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should fail
-ERROR:  permission denied for relation lock_table
+ERROR:  permission denied for table lock_table
 ROLLBACK;
 BEGIN;
 LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should pass
diff --git a/src/test/regress/expected/publication.out b/src/test/regress/expected/publication.out
index b101331d69..0c86c647bc 100644
--- a/src/test/regress/expected/publication.out
+++ b/src/test/regress/expected/publication.out
@@ -198,7 +198,7 @@ GRANT CREATE ON DATABASE regression TO regress_publication_user2;
 SET ROLE regress_publication_user2;
 CREATE PUBLICATION testpub2;  -- ok
 ALTER PUBLICATION testpub2 ADD TABLE testpub_tbl1;  -- fail
-ERROR:  must be owner of relation testpub_tbl1
+ERROR:  must be owner of table testpub_tbl1
 SET ROLE regress_publication_user;
 GRANT regress_publication_user TO regress_publication_user2;
 SET ROLE regress_publication_user2;
diff --git a/src/test/regress/expected/rowsecurity.out b/src/test/regress/expected/rowsecurity.out
index b8dcf51a30..f1ae40df61 100644
--- a/src/test/regress/expected/rowsecurity.out
+++ b/src/test/regress/expected/rowsecurity.out
@@ -361,7 +361,7 @@ INSERT INTO document VALUES (100, 55, 1, 'regress_rls_dave', 'testing sorting of
 ERROR:  new row violates row-level security policy "p2r" for table "document"
 -- only owner can change policies
 ALTER POLICY p1 ON document USING (true);    --fail
-ERROR:  must be owner of relation document
+ERROR:  must be owner of table document
 DROP POLICY p1 ON document;                  --fail
 ERROR:  must be owner of relation document
 SET SESSION AUTHORIZATION regress_rls_alice;
@@ -1192,7 +1192,7 @@ EXPLAIN (COSTS OFF) SELECT * FROM part_document WHERE f_leak(dtitle);
 
 -- only owner can change policies
 ALTER POLICY pp1 ON part_document USING (true);    --fail
-ERROR:  must be owner of relation part_document
+ERROR:  must be owner of table part_document
 DROP POLICY pp1 ON part_document;                  --fail
 ERROR:  must be owner of relation part_document
 SET SESSION AUTHORIZATION regress_rls_alice;
@@ -2446,9 +2446,9 @@ EXPLAIN (COSTS OFF) SELECT * FROM rls_view;
 -- Query as role that is not the owner of the table or view without permissions.
 SET SESSION AUTHORIZATION regress_rls_carol;
 SELECT * FROM rls_view; --fail - permission denied.
-ERROR:  permission denied for relation rls_view
+ERROR:  permission denied for view rls_view
 EXPLAIN (COSTS OFF) SELECT * FROM rls_view; --fail - permission denied.
-ERROR:  permission denied for relation rls_view
+ERROR:  permission denied for view rls_view
 -- Query as role that is not the owner of the table or view with permissions.
 SET SESSION AUTHORIZATION regress_rls_bob;
 GRANT SELECT ON rls_view TO regress_rls_carol;
@@ -3235,7 +3235,7 @@ COPY (SELECT * FROM copy_t ORDER BY a ASC) TO STDOUT WITH DELIMITER ','; --fail
 ERROR:  query would be affected by row-level security policy for table "copy_t"
 SET row_security TO ON;
 COPY (SELECT * FROM copy_t ORDER BY a ASC) TO STDOUT WITH DELIMITER ','; --fail - permission denied
-ERROR:  permission denied for relation copy_t
+ERROR:  permission denied for table copy_t
 -- Check COPY relation TO; keep it just one row to avoid reordering issues
 RESET SESSION AUTHORIZATION;
 SET row_security TO ON;
@@ -3271,10 +3271,10 @@ COPY copy_rel_to TO STDOUT WITH DELIMITER ','; --ok
 SET SESSION AUTHORIZATION regress_rls_carol;
 SET row_security TO OFF;
 COPY copy_rel_to TO STDOUT WITH DELIMITER ','; --fail - permission denied
-ERROR:  permission denied for relation copy_rel_to
+ERROR:  permission denied for table copy_rel_to
 SET row_security TO ON;
 COPY copy_rel_to TO STDOUT WITH DELIMITER ','; --fail - permission denied
-ERROR:  permission denied for relation copy_rel_to
+ERROR:  permission denied for table copy_rel_to
 -- Check COPY FROM as Superuser/owner.
 RESET SESSION AUTHORIZATION;
 SET row_security TO OFF;
@@ -3298,10 +3298,10 @@ COPY copy_t FROM STDIN; --ok
 SET SESSION AUTHORIZATION regress_rls_carol;
 SET row_security TO OFF;
 COPY copy_t FROM STDIN; --fail - permission denied.
-ERROR:  permission denied for relation copy_t
+ERROR:  permission denied for table copy_t
 SET row_security TO ON;
 COPY copy_t FROM STDIN; --fail - permission denied.
-ERROR:  permission denied for relation copy_t
+ERROR:  permission denied for table copy_t
 RESET SESSION AUTHORIZATION;
 DROP TABLE copy_t;
 DROP TABLE copy_rel_to CASCADE;
diff --git a/src/test/regress/expected/select_into.out b/src/test/regress/expected/select_into.out
index 5d54bbf3b0..ef7cfd6f29 100644
--- a/src/test/regress/expected/select_into.out
+++ b/src/test/regress/expected/select_into.out
@@ -22,15 +22,15 @@ GRANT ALL ON SCHEMA selinto_schema TO public;
 SET SESSION AUTHORIZATION regress_selinto_user;
 SELECT * INTO TABLE selinto_schema.tmp1
 	  FROM pg_class WHERE relname like '%a%';	-- Error
-ERROR:  permission denied for relation tmp1
+ERROR:  permission denied for table tmp1
 SELECT oid AS clsoid, relname, relnatts + 10 AS x
 	  INTO selinto_schema.tmp2
 	  FROM pg_class WHERE relname like '%b%';	-- Error
-ERROR:  permission denied for relation tmp2
+ERROR:  permission denied for table tmp2
 CREATE TABLE selinto_schema.tmp3 (a,b,c)
 	   AS SELECT oid,relname,relacl FROM pg_class
 	   WHERE relname like '%c%';	-- Error
-ERROR:  permission denied for relation tmp3
+ERROR:  permission denied for table tmp3
 RESET SESSION AUTHORIZATION;
 ALTER DEFAULT PRIVILEGES FOR ROLE regress_selinto_user
 	  GRANT INSERT ON TABLES TO regress_selinto_user;
diff --git a/src/test/regress/expected/sequence.out b/src/test/regress/expected/sequence.out
index 2384b7dd81..ca5ea063fa 100644
--- a/src/test/regress/expected/sequence.out
+++ b/src/test/regress/expected/sequence.out
@@ -785,7 +785,7 @@ ROLLBACK;
 BEGIN;
 SET LOCAL SESSION AUTHORIZATION regress_seq_user;
 ALTER SEQUENCE sequence_test2 START WITH 1;
-ERROR:  must be owner of relation sequence_test2
+ERROR:  must be owner of sequence sequence_test2
 ROLLBACK;
 -- Sequences should get wiped out as well:
 DROP TABLE serialTest1, serialTest2;
diff --git a/src/test/regress/expected/updatable_views.out b/src/test/regress/expected/updatable_views.out
index 2090a411fe..964c115b14 100644
--- a/src/test/regress/expected/updatable_views.out
+++ b/src/test/regress/expected/updatable_views.out
@@ -990,26 +990,26 @@ SELECT * FROM rw_view2; -- ok
 (2 rows)
 
 INSERT INTO base_tbl VALUES (3, 'Row 3', 3.0); -- not allowed
-ERROR:  permission denied for relation base_tbl
+ERROR:  permission denied for table base_tbl
 INSERT INTO rw_view1 VALUES ('Row 3', 3.0, 3); -- not allowed
-ERROR:  permission denied for relation rw_view1
+ERROR:  permission denied for view rw_view1
 INSERT INTO rw_view2 VALUES ('Row 3', 3.0, 3); -- not allowed
-ERROR:  permission denied for relation base_tbl
+ERROR:  permission denied for table base_tbl
 UPDATE base_tbl SET a=a, c=c; -- ok
 UPDATE base_tbl SET b=b; -- not allowed
-ERROR:  permission denied for relation base_tbl
+ERROR:  permission denied for table base_tbl
 UPDATE rw_view1 SET bb=bb, cc=cc; -- ok
 UPDATE rw_view1 SET aa=aa; -- not allowed
-ERROR:  permission denied for relation rw_view1
+ERROR:  permission denied for view rw_view1
 UPDATE rw_view2 SET aa=aa, cc=cc; -- ok
 UPDATE rw_view2 SET bb=bb; -- not allowed
-ERROR:  permission denied for relation base_tbl
+ERROR:  permission denied for table base_tbl
 DELETE FROM base_tbl; -- not allowed
-ERROR:  permission denied for relation base_tbl
+ERROR:  permission denied for table base_tbl
 DELETE FROM rw_view1; -- not allowed
-ERROR:  permission denied for relation rw_view1
+ERROR:  permission denied for view rw_view1
 DELETE FROM rw_view2; -- not allowed
-ERROR:  permission denied for relation base_tbl
+ERROR:  permission denied for table base_tbl
 RESET SESSION AUTHORIZATION;
 SET SESSION AUTHORIZATION regress_view_user1;
 GRANT INSERT, DELETE ON base_tbl TO regress_view_user2;
@@ -1017,11 +1017,11 @@ RESET SESSION AUTHORIZATION;
 SET SESSION AUTHORIZATION regress_view_user2;
 INSERT INTO base_tbl VALUES (3, 'Row 3', 3.0); -- ok
 INSERT INTO rw_view1 VALUES ('Row 4', 4.0, 4); -- not allowed
-ERROR:  permission denied for relation rw_view1
+ERROR:  permission denied for view rw_view1
 INSERT INTO rw_view2 VALUES ('Row 4', 4.0, 4); -- ok
 DELETE FROM base_tbl WHERE a=1; -- ok
 DELETE FROM rw_view1 WHERE aa=2; -- not allowed
-ERROR:  permission denied for relation rw_view1
+ERROR:  permission denied for view rw_view1
 DELETE FROM rw_view2 WHERE aa=2; -- ok
 SELECT * FROM base_tbl;
  a |   b   | c 
@@ -1037,15 +1037,15 @@ GRANT INSERT, DELETE ON rw_view1 TO regress_view_user2;
 RESET SESSION AUTHORIZATION;
 SET SESSION AUTHORIZATION regress_view_user2;
 INSERT INTO base_tbl VALUES (5, 'Row 5', 5.0); -- not allowed
-ERROR:  permission denied for relation base_tbl
+ERROR:  permission denied for table base_tbl
 INSERT INTO rw_view1 VALUES ('Row 5', 5.0, 5); -- ok
 INSERT INTO rw_view2 VALUES ('Row 6', 6.0, 6); -- not allowed
-ERROR:  permission denied for relation base_tbl
+ERROR:  permission denied for table base_tbl
 DELETE FROM base_tbl WHERE a=3; -- not allowed
-ERROR:  permission denied for relation base_tbl
+ERROR:  permission denied for table base_tbl
 DELETE FROM rw_view1 WHERE aa=3; -- ok
 DELETE FROM rw_view2 WHERE aa=4; -- not allowed
-ERROR:  permission denied for relation base_tbl
+ERROR:  permission denied for table base_tbl
 SELECT * FROM base_tbl;
  a |   b   | c 
 ---+-------+---
-- 
2.15.1


--------------9542E740EF1A89D80A2224F4
Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0";
 name="v4-0004-Use-OBJECT_TABLE-instead-of-OBJECT_RELATION-for-A.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename*0="v4-0004-Use-OBJECT_TABLE-instead-of-OBJECT_RELATION-for-A.pa";
 filename*1="tch"