Thread

  1. [PATCH v4 3/5] Don't use OBJECT_RELATION with aclcheck_error

    Peter Eisentraut <peter_e@gmx.net> — 2018-01-16T18:32:03Z

    ---
     contrib/dblink/dblink.c                        |   2 +-
     contrib/file_fdw/output/file_fdw.source        |   2 +-
     contrib/pg_prewarm/pg_prewarm.c                |   2 +-
     contrib/pgrowlocks/pgrowlocks.c                |   3 +-
     contrib/test_decoding/expected/permissions.out |   4 +-
     src/backend/catalog/aclchk.c                   |   8 +-
     src/backend/catalog/namespace.c                |   2 +-
     src/backend/catalog/objectaddress.c            |  25 +++++
     src/backend/commands/lockcmds.c                |   4 +-
     src/backend/commands/policy.c                  |   2 +-
     src/backend/commands/publicationcmds.c         |   2 +-
     src/backend/commands/statscmds.c               |   3 +-
     src/backend/commands/tablecmds.c               |  24 ++---
     src/backend/commands/trigger.c                 |   6 +-
     src/backend/executor/execMain.c                |   2 +-
     src/backend/parser/parse_utilcmd.c             |   2 +-
     src/backend/rewrite/rewriteDefine.c            |   6 +-
     src/backend/utils/adt/tid.c                    |   5 +-
     src/include/catalog/objectaddress.h            |   2 +
     src/test/regress/expected/alter_table.out      |   2 +-
     src/test/regress/expected/copy2.out            |   6 +-
     src/test/regress/expected/lock.out             |   2 +-
     src/test/regress/expected/privileges.out       | 144 ++++++++++++-------------
     src/test/regress/expected/publication.out      |   2 +-
     src/test/regress/expected/rowsecurity.out      |  18 ++--
     src/test/regress/expected/select_into.out      |   6 +-
     src/test/regress/expected/sequence.out         |   2 +-
     src/test/regress/expected/updatable_views.out  |  30 +++---
     28 files changed, 172 insertions(+), 146 deletions(-)
    
    diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c
    index 6b4d036d9e..742e2a20c3 100644
    --- a/contrib/dblink/dblink.c
    +++ b/contrib/dblink/dblink.c
    @@ -2504,7 +2504,7 @@ get_rel_from_relname(text *relname_text, LOCKMODE lockmode, AclMode aclmode)
     	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
     								  aclmode);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, OBJECT_RELATION,
    +		aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
     					   RelationGetRelationName(rel));
     
     	return rel;
    diff --git a/contrib/file_fdw/output/file_fdw.source b/contrib/file_fdw/output/file_fdw.source
    index 709c43ec80..e2d8b87015 100644
    --- a/contrib/file_fdw/output/file_fdw.source
    +++ b/contrib/file_fdw/output/file_fdw.source
    @@ -393,7 +393,7 @@ SELECT * FROM agg_text ORDER BY a;
     
     SET ROLE regress_no_priv_user;
     SELECT * FROM agg_text ORDER BY a;   -- ERROR
    -ERROR:  permission denied for relation agg_text
    +ERROR:  permission denied for foreign table agg_text
     SET ROLE regress_file_fdw_user;
     \t on
     EXPLAIN (VERBOSE, COSTS FALSE) SELECT * FROM agg_text WHERE a > 0;
    diff --git a/contrib/pg_prewarm/pg_prewarm.c b/contrib/pg_prewarm/pg_prewarm.c
    index bab01e6781..7755c1a6cf 100644
    --- a/contrib/pg_prewarm/pg_prewarm.c
    +++ b/contrib/pg_prewarm/pg_prewarm.c
    @@ -107,7 +107,7 @@ pg_prewarm(PG_FUNCTION_ARGS)
     	rel = relation_open(relOid, AccessShareLock);
     	aclresult = pg_class_aclcheck(relOid, GetUserId(), ACL_SELECT);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, OBJECT_RELATION, get_rel_name(relOid));
    +		aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(relOid)), get_rel_name(relOid));
     
     	/* Check that the fork exists. */
     	RelationOpenSmgr(rel);
    diff --git a/contrib/pgrowlocks/pgrowlocks.c b/contrib/pgrowlocks/pgrowlocks.c
    index 38e10e59a8..576beb4fd4 100644
    --- a/contrib/pgrowlocks/pgrowlocks.c
    +++ b/contrib/pgrowlocks/pgrowlocks.c
    @@ -35,6 +35,7 @@
     #include "storage/procarray.h"
     #include "utils/acl.h"
     #include "utils/builtins.h"
    +#include "utils/lsyscache.h"
     #include "utils/rel.h"
     #include "utils/snapmgr.h"
     #include "utils/tqual.h"
    @@ -121,7 +122,7 @@ pgrowlocks(PG_FUNCTION_ARGS)
     			aclresult = is_member_of_role(GetUserId(), DEFAULT_ROLE_STAT_SCAN_TABLES) ? ACLCHECK_OK : ACLCHECK_NO_PRIV;
     
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, OBJECT_RELATION,
    +			aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
     						   RelationGetRelationName(rel));
     
     		scan = heap_beginscan(rel, GetActiveSnapshot(), 0, NULL);
    diff --git a/contrib/test_decoding/expected/permissions.out b/contrib/test_decoding/expected/permissions.out
    index 7175dcd5f6..ed97f81dda 100644
    --- a/contrib/test_decoding/expected/permissions.out
    +++ b/contrib/test_decoding/expected/permissions.out
    @@ -38,7 +38,7 @@ SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_d
     (1 row)
     
     INSERT INTO lr_test VALUES('lr_superuser_init');
    -ERROR:  permission denied for relation lr_test
    +ERROR:  permission denied for table lr_test
     SELECT data FROM pg_logical_slot_get_changes('regression_slot', NULL, NULL, 'include-xids', '0', 'skip-empty-xacts', '1');
      data 
     ------
    @@ -56,7 +56,7 @@ SET ROLE regress_lr_normal;
     SELECT 'init' FROM pg_create_logical_replication_slot('regression_slot', 'test_decoding');
     ERROR:  must be superuser or replication role to use replication slots
     INSERT INTO lr_test VALUES('lr_superuser_init');
    -ERROR:  permission denied for relation lr_test
    +ERROR:  permission denied for table lr_test
     SELECT data FROM pg_logical_slot_get_changes('regression_slot', NULL, NULL, 'include-xids', '0', 'skip-empty-xacts', '1');
     ERROR:  must be superuser or replication role to use replication slots
     SELECT pg_drop_replication_slot('regression_slot');
    diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
    index 2e07d75ef4..a9cf354357 100644
    --- a/src/backend/catalog/aclchk.c
    +++ b/src/backend/catalog/aclchk.c
    @@ -3428,9 +3428,6 @@ aclcheck_error(AclResult aclerr, ObjectType objtype,
     					case OBJECT_PUBLICATION:
     						msg = gettext_noop("permission denied for publication %s");
     						break;
    -					case OBJECT_RELATION:
    -						msg = gettext_noop("permission denied for relation %s");
    -						break;
     					case OBJECT_ROUTINE:
     						msg = gettext_noop("permission denied for routine %s");
     						break;
    @@ -3474,6 +3471,7 @@ aclcheck_error(AclResult aclerr, ObjectType objtype,
     					case OBJECT_DEFACL:
     					case OBJECT_DOMCONSTRAINT:
     					case OBJECT_PUBLICATION_REL:
    +					case OBJECT_RELATION:
     					case OBJECT_ROLE:
     					case OBJECT_RULE:
     					case OBJECT_TABCONSTRAINT:
    @@ -3563,9 +3561,6 @@ aclcheck_error(AclResult aclerr, ObjectType objtype,
     					case OBJECT_PUBLICATION:
     						msg = gettext_noop("must be owner of publication %s");
     						break;
    -					case OBJECT_RELATION:
    -						msg = gettext_noop("must be owner of relation %s");
    -						break;
     					case OBJECT_ROUTINE:
     						msg = gettext_noop("must be owner of routine %s");
     						break;
    @@ -3609,6 +3604,7 @@ aclcheck_error(AclResult aclerr, ObjectType objtype,
     					case OBJECT_DEFACL:
     					case OBJECT_DOMCONSTRAINT:
     					case OBJECT_PUBLICATION_REL:
    +					case OBJECT_RELATION:
     					case OBJECT_ROLE:
     					case OBJECT_RULE:
     					case OBJECT_TABCONSTRAINT:
    diff --git a/src/backend/catalog/namespace.c b/src/backend/catalog/namespace.c
    index 75636e6dab..8b9f993815 100644
    --- a/src/backend/catalog/namespace.c
    +++ b/src/backend/catalog/namespace.c
    @@ -585,7 +585,7 @@ RangeVarGetAndCheckCreationNamespace(RangeVar *relation,
     		if (lockmode != NoLock && OidIsValid(relid))
     		{
     			if (!pg_class_ownercheck(relid, GetUserId()))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relid)),
     							   relation->relname);
     			if (relid != oldrelid)
     				LockRelationOid(relid, lockmode);
    diff --git a/src/backend/catalog/objectaddress.c b/src/backend/catalog/objectaddress.c
    index 9be365f50d..d691b25aa6 100644
    --- a/src/backend/catalog/objectaddress.c
    +++ b/src/backend/catalog/objectaddress.c
    @@ -5097,3 +5097,28 @@ strlist_to_textarray(List *list)
     
     	return arr;
     }
    +
    +ObjectType
    +relkind_get_objtype(char relkind)
    +{
    +	switch (relkind)
    +	{
    +		case RELKIND_RELATION:
    +		case RELKIND_PARTITIONED_TABLE:
    +			return OBJECT_TABLE;
    +		case RELKIND_INDEX:
    +			return OBJECT_INDEX;
    +		case RELKIND_SEQUENCE:
    +			return OBJECT_SEQUENCE;
    +		case RELKIND_VIEW:
    +			return OBJECT_VIEW;
    +		case RELKIND_MATVIEW:
    +			return OBJECT_MATVIEW;
    +		case RELKIND_FOREIGN_TABLE:
    +			return OBJECT_FOREIGN_TABLE;
    +		/* other relkinds are not supported here because they don't map to OBJECT_* values */
    +		default:
    +			elog(ERROR, "unexpected relkind: %d", relkind);
    +			return 0;
    +	}
    +}
    diff --git a/src/backend/commands/lockcmds.c b/src/backend/commands/lockcmds.c
    index aa54565716..0d7c18d0bd 100644
    --- a/src/backend/commands/lockcmds.c
    +++ b/src/backend/commands/lockcmds.c
    @@ -96,7 +96,7 @@ RangeVarCallbackForLockTable(const RangeVar *rv, Oid relid, Oid oldrelid,
     	/* Check permissions. */
     	aclresult = LockTableAclCheck(relid, lockmode);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, OBJECT_RELATION, rv->relname);
    +		aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(relid)), rv->relname);
     }
     
     /*
    @@ -127,7 +127,7 @@ LockTableRecurse(Oid reloid, LOCKMODE lockmode, bool nowait)
     
     			if (!relname)
     				continue;		/* child concurrently dropped, just skip it */
    -			aclcheck_error(aclresult, OBJECT_RELATION, relname);
    +			aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(childreloid)), relname);
     		}
     
     		/* We have enough rights to lock the relation; do so. */
    diff --git a/src/backend/commands/policy.c b/src/backend/commands/policy.c
    index 2ec35abf8f..76b5bfd34b 100644
    --- a/src/backend/commands/policy.c
    +++ b/src/backend/commands/policy.c
    @@ -78,7 +78,7 @@ RangeVarCallbackForPolicy(const RangeVar *rv, Oid relid, Oid oldrelid,
     
     	/* Must own relation. */
     	if (!pg_class_ownercheck(relid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
    +		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relid)), rv->relname);
     
     	/* No system table modifications unless explicitly allowed. */
     	if (!allowSystemTableMods && IsSystemClass(relid, classform))
    diff --git a/src/backend/commands/publicationcmds.c b/src/backend/commands/publicationcmds.c
    index 0cc62c77bd..d248e063a8 100644
    --- a/src/backend/commands/publicationcmds.c
    +++ b/src/backend/commands/publicationcmds.c
    @@ -582,7 +582,7 @@ PublicationAddTables(Oid pubid, List *rels, bool if_not_exists,
     
     		/* Must be owner of the table or superuser. */
     		if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
     						   RelationGetRelationName(rel));
     
     		obj = publication_add_relation(pubid, rel, if_not_exists);
    diff --git a/src/backend/commands/statscmds.c b/src/backend/commands/statscmds.c
    index 8a0cc6c2cf..89237c48ce 100644
    --- a/src/backend/commands/statscmds.c
    +++ b/src/backend/commands/statscmds.c
    @@ -25,6 +25,7 @@
     #include "statistics/statistics.h"
     #include "utils/builtins.h"
     #include "utils/inval.h"
    +#include "utils/lsyscache.h"
     #include "utils/memutils.h"
     #include "utils/rel.h"
     #include "utils/syscache.h"
    @@ -141,7 +142,7 @@ CreateStatistics(CreateStatsStmt *stmt)
     
     		/* You must own the relation to create stats on it */
     		if (!pg_class_ownercheck(RelationGetRelid(rel), stxowner))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
     						   RelationGetRelationName(rel));
     	}
     
    diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c
    index 38bfd29cd9..a5c8d4443d 100644
    --- a/src/backend/commands/tablecmds.c
    +++ b/src/backend/commands/tablecmds.c
    @@ -1192,7 +1192,7 @@ RangeVarCallbackForDropRelation(const RangeVar *rel, Oid relOid, Oid oldRelOid,
     	/* Allow DROP to either table owner or schema owner */
     	if (!pg_class_ownercheck(relOid, GetUserId()) &&
     		!pg_namespace_ownercheck(classform->relnamespace, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relOid)),
     					   rel->relname);
     
     	if (!allowSystemTableMods && IsSystemClass(relOid, classform))
    @@ -1562,7 +1562,7 @@ truncate_check_rel(Relation rel)
     	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
     								  ACL_TRUNCATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, OBJECT_RELATION,
    +		aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
     					   RelationGetRelationName(rel));
     
     	if (!allowSystemTableMods && IsSystemRelation(rel))
    @@ -1848,7 +1848,7 @@ MergeAttributes(List *schema, List *supers, char relpersistence,
     		 * demand that creator of a child table own the parent.
     		 */
     		if (!pg_class_ownercheck(RelationGetRelid(relation), GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(RelationGetRelid(relation))),
     						   RelationGetRelationName(relation));
     
     		/*
    @@ -2551,7 +2551,7 @@ renameatt_check(Oid myrelid, Form_pg_class classform, bool recursing)
     	 * permissions checking.  only the owner of a class can change its schema.
     	 */
     	if (!pg_class_ownercheck(myrelid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(myrelid)),
     					   NameStr(classform->relname));
     	if (!allowSystemTableMods && IsSystemClass(myrelid, classform))
     		ereport(ERROR,
    @@ -4769,7 +4769,7 @@ ATSimplePermissions(Relation rel, int allowed_targets)
     
     	/* Permissions checks */
     	if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
     					   RelationGetRelationName(rel));
     
     	if (!allowSystemTableMods && IsSystemRelation(rel))
    @@ -6212,7 +6212,7 @@ ATPrepSetStatistics(Relation rel, const char *colName, int16 colNum, Node *newVa
     
     	/* Permissions checks */
     	if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
     					   RelationGetRelationName(rel));
     }
     
    @@ -8136,7 +8136,7 @@ checkFkeyPermissions(Relation rel, int16 *attnums, int natts)
     		aclresult = pg_attribute_aclcheck(RelationGetRelid(rel), attnums[i],
     										  roleid, ACL_REFERENCES);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, OBJECT_RELATION,
    +			aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
     						   RelationGetRelationName(rel));
     	}
     }
    @@ -10046,7 +10046,7 @@ ATExecChangeOwner(Oid relationOid, Oid newOwnerId, bool recursing, LOCKMODE lock
     
     				/* Otherwise, must be owner of the existing object */
     				if (!pg_class_ownercheck(relationOid, GetUserId()))
    -					aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +					aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relationOid)),
     								   RelationGetRelationName(target_rel));
     
     				/* Must be able to become new owner */
    @@ -10856,7 +10856,7 @@ AlterTableMoveAll(AlterTableMoveAllStmt *stmt)
     		 * Caller must be considered an owner on the table to move it.
     		 */
     		if (!pg_class_ownercheck(relOid, GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relOid)),
     						   NameStr(relForm->relname));
     
     		if (stmt->nowait &&
    @@ -13101,7 +13101,7 @@ RangeVarCallbackOwnsTable(const RangeVar *relation,
     
     	/* Check permissions */
     	if (!pg_class_ownercheck(relId, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, relation->relname);
    +		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relId)), relation->relname);
     }
     
     /*
    @@ -13123,7 +13123,7 @@ RangeVarCallbackOwnsRelation(const RangeVar *relation,
     		elog(ERROR, "cache lookup failed for relation %u", relId);
     
     	if (!pg_class_ownercheck(relId, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relId)),
     					   relation->relname);
     
     	if (!allowSystemTableMods &&
    @@ -13159,7 +13159,7 @@ RangeVarCallbackForAlterRelation(const RangeVar *rv, Oid relid, Oid oldrelid,
     
     	/* Must own relation. */
     	if (!pg_class_ownercheck(relid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
    +		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relid)), rv->relname);
     
     	/* No system table modifications unless explicitly allowed. */
     	if (!allowSystemTableMods && IsSystemClass(relid, classform))
    diff --git a/src/backend/commands/trigger.c b/src/backend/commands/trigger.c
    index 438653f310..0bda470dd2 100644
    --- a/src/backend/commands/trigger.c
    +++ b/src/backend/commands/trigger.c
    @@ -284,7 +284,7 @@ CreateTrigger(CreateTrigStmt *stmt, const char *queryString,
     		aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
     									  ACL_TRIGGER);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, OBJECT_RELATION,
    +			aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
     						   RelationGetRelationName(rel));
     
     		if (OidIsValid(constrrelid))
    @@ -292,7 +292,7 @@ CreateTrigger(CreateTrigStmt *stmt, const char *queryString,
     			aclresult = pg_class_aclcheck(constrrelid, GetUserId(),
     										  ACL_TRIGGER);
     			if (aclresult != ACLCHECK_OK)
    -				aclcheck_error(aclresult, OBJECT_RELATION,
    +				aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(constrrelid)),
     							   get_rel_name(constrrelid));
     		}
     	}
    @@ -1422,7 +1422,7 @@ RangeVarCallbackForRenameTrigger(const RangeVar *rv, Oid relid, Oid oldrelid,
     
     	/* you must own the table to rename one of its triggers */
     	if (!pg_class_ownercheck(relid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
    +		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relid)), rv->relname);
     	if (!allowSystemTableMods && IsSystemClass(relid, form))
     		ereport(ERROR,
     				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
    diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c
    index 64a43822bb..97c461b480 100644
    --- a/src/backend/executor/execMain.c
    +++ b/src/backend/executor/execMain.c
    @@ -579,7 +579,7 @@ ExecCheckRTPerms(List *rangeTable, bool ereport_on_violation)
     		{
     			Assert(rte->rtekind == RTE_RELATION);
     			if (ereport_on_violation)
    -				aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_RELATION,
    +				aclcheck_error(ACLCHECK_NO_PRIV, relkind_get_objtype(get_rel_relkind(rte->relid)),
     							   get_rel_name(rte->relid));
     			return false;
     		}
    diff --git a/src/backend/parser/parse_utilcmd.c b/src/backend/parser/parse_utilcmd.c
    index e7df455634..a31ce08449 100644
    --- a/src/backend/parser/parse_utilcmd.c
    +++ b/src/backend/parser/parse_utilcmd.c
    @@ -962,7 +962,7 @@ transformTableLikeClause(CreateStmtContext *cxt, TableLikeClause *table_like_cla
     		aclresult = pg_class_aclcheck(RelationGetRelid(relation), GetUserId(),
     									  ACL_SELECT);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, OBJECT_RELATION,
    +			aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(relation))),
     						   RelationGetRelationName(relation));
     	}
     
    diff --git a/src/backend/rewrite/rewriteDefine.c b/src/backend/rewrite/rewriteDefine.c
    index 7eca67a52f..078e549e6d 100644
    --- a/src/backend/rewrite/rewriteDefine.c
    +++ b/src/backend/rewrite/rewriteDefine.c
    @@ -276,7 +276,7 @@ DefineQueryRewrite(const char *rulename,
     	 * Check user has permission to apply rules to this relation.
     	 */
     	if (!pg_class_ownercheck(event_relid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(RelationGetRelid(event_relation))),
     					   RelationGetRelationName(event_relation));
     
     	/*
    @@ -864,7 +864,7 @@ EnableDisableRule(Relation rel, const char *rulename,
     	eventRelationOid = ((Form_pg_rewrite) GETSTRUCT(ruletup))->ev_class;
     	Assert(eventRelationOid == owningRel);
     	if (!pg_class_ownercheck(eventRelationOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(eventRelationOid)),
     					   get_rel_name(eventRelationOid));
     
     	/*
    @@ -927,7 +927,7 @@ RangeVarCallbackForRenameRule(const RangeVar *rv, Oid relid, Oid oldrelid,
     
     	/* you must own the table to rename one of its rules */
     	if (!pg_class_ownercheck(relid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
    +		aclcheck_error(ACLCHECK_NOT_OWNER, relkind_get_objtype(get_rel_relkind(relid)), rv->relname);
     
     	ReleaseSysCache(tuple);
     }
    diff --git a/src/backend/utils/adt/tid.c b/src/backend/utils/adt/tid.c
    index 4aa8122fa2..12efc85d06 100644
    --- a/src/backend/utils/adt/tid.c
    +++ b/src/backend/utils/adt/tid.c
    @@ -29,6 +29,7 @@
     #include "parser/parsetree.h"
     #include "utils/acl.h"
     #include "utils/builtins.h"
    +#include "utils/lsyscache.h"
     #include "utils/rel.h"
     #include "utils/snapmgr.h"
     #include "utils/tqual.h"
    @@ -343,7 +344,7 @@ currtid_byreloid(PG_FUNCTION_ARGS)
     	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
     								  ACL_SELECT);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, OBJECT_RELATION,
    +		aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
     					   RelationGetRelationName(rel));
     
     	if (rel->rd_rel->relkind == RELKIND_VIEW)
    @@ -377,7 +378,7 @@ currtid_byrelname(PG_FUNCTION_ARGS)
     	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
     								  ACL_SELECT);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, OBJECT_RELATION,
    +		aclcheck_error(aclresult, relkind_get_objtype(get_rel_relkind(RelationGetRelid(rel))),
     					   RelationGetRelationName(rel));
     
     	if (rel->rd_rel->relkind == RELKIND_VIEW)
    diff --git a/src/include/catalog/objectaddress.h b/src/include/catalog/objectaddress.h
    index 403e8bb2af..43819304eb 100644
    --- a/src/include/catalog/objectaddress.h
    +++ b/src/include/catalog/objectaddress.h
    @@ -78,4 +78,6 @@ extern char *getObjectIdentityParts(const ObjectAddress *address,
     					   List **objname, List **objargs);
     extern ArrayType *strlist_to_textarray(List *list);
     
    +extern ObjectType relkind_get_objtype(char relkind);
    +
     #endif							/* OBJECTADDRESS_H */
    diff --git a/src/test/regress/expected/alter_table.out b/src/test/regress/expected/alter_table.out
    index 11f0baa11b..b998dab6ab 100644
    --- a/src/test/regress/expected/alter_table.out
    +++ b/src/test/regress/expected/alter_table.out
    @@ -3303,7 +3303,7 @@ CREATE TABLE owned_by_me (
     	a int
     ) PARTITION BY LIST (a);
     ALTER TABLE owned_by_me ATTACH PARTITION not_owned_by_me FOR VALUES IN (1);
    -ERROR:  must be owner of relation not_owned_by_me
    +ERROR:  must be owner of table not_owned_by_me
     RESET SESSION AUTHORIZATION;
     DROP TABLE owned_by_me, not_owned_by_me;
     DROP ROLE regress_test_not_me;
    diff --git a/src/test/regress/expected/copy2.out b/src/test/regress/expected/copy2.out
    index 65e9c626b3..e606a5fda4 100644
    --- a/src/test/regress/expected/copy2.out
    +++ b/src/test/regress/expected/copy2.out
    @@ -521,12 +521,12 @@ RESET SESSION AUTHORIZATION;
     SET SESSION AUTHORIZATION regress_rls_copy_user_colperms;
     -- attempt all columns (should fail)
     COPY rls_t1 TO stdout;
    -ERROR:  permission denied for relation rls_t1
    +ERROR:  permission denied for table rls_t1
     COPY rls_t1 (a, b, c) TO stdout;
    -ERROR:  permission denied for relation rls_t1
    +ERROR:  permission denied for table rls_t1
     -- try to copy column with no privileges (should fail)
     COPY rls_t1 (c) TO stdout;
    -ERROR:  permission denied for relation rls_t1
    +ERROR:  permission denied for table rls_t1
     -- subset of columns (should succeed)
     COPY rls_t1 (a) TO stdout;
     2
    diff --git a/src/test/regress/expected/lock.out b/src/test/regress/expected/lock.out
    index fd27344503..74a434d24d 100644
    --- a/src/test/regress/expected/lock.out
    +++ b/src/test/regress/expected/lock.out
    @@ -45,7 +45,7 @@ GRANT UPDATE ON TABLE lock_tbl1 TO regress_rol_lock1;
     SET ROLE regress_rol_lock1;
     BEGIN;
     LOCK TABLE lock_tbl1 * IN ACCESS EXCLUSIVE MODE;
    -ERROR:  permission denied for relation lock_tbl2
    +ERROR:  permission denied for table lock_tbl2
     ROLLBACK;
     BEGIN;
     LOCK TABLE ONLY lock_tbl1;
    diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
    index 87e9211f6a..cf53b37383 100644
    --- a/src/test/regress/expected/privileges.out
    +++ b/src/test/regress/expected/privileges.out
    @@ -92,11 +92,11 @@ SELECT * FROM atest2; -- ok
     
     INSERT INTO atest1 VALUES (2, 'two'); -- ok
     INSERT INTO atest2 VALUES ('foo', true); -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     INSERT INTO atest1 SELECT 1, b FROM atest1; -- ok
     UPDATE atest1 SET a = 1 WHERE a = 2; -- ok
     UPDATE atest2 SET col2 = NOT col2; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     SELECT * FROM atest1 FOR UPDATE; -- ok
      a |  b  
     ---+-----
    @@ -105,17 +105,17 @@ SELECT * FROM atest1 FOR UPDATE; -- ok
     (2 rows)
     
     SELECT * FROM atest2 FOR UPDATE; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     DELETE FROM atest2; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     TRUNCATE atest2; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     BEGIN;
     LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     COMMIT;
     COPY atest2 FROM stdin; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     GRANT ALL ON atest1 TO PUBLIC; -- fail
     WARNING:  no privileges were granted for "atest1"
     -- checks in subquery, both ok
    @@ -144,37 +144,37 @@ SELECT * FROM atest1; -- ok
     (2 rows)
     
     SELECT * FROM atest2; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     INSERT INTO atest1 VALUES (2, 'two'); -- fail
    -ERROR:  permission denied for relation atest1
    +ERROR:  permission denied for table atest1
     INSERT INTO atest2 VALUES ('foo', true); -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     INSERT INTO atest1 SELECT 1, b FROM atest1; -- fail
    -ERROR:  permission denied for relation atest1
    +ERROR:  permission denied for table atest1
     UPDATE atest1 SET a = 1 WHERE a = 2; -- fail
    -ERROR:  permission denied for relation atest1
    +ERROR:  permission denied for table atest1
     UPDATE atest2 SET col2 = NULL; -- ok
     UPDATE atest2 SET col2 = NOT col2; -- fails; requires SELECT on atest2
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     UPDATE atest2 SET col2 = true FROM atest1 WHERE atest1.a = 5; -- ok
     SELECT * FROM atest1 FOR UPDATE; -- fail
    -ERROR:  permission denied for relation atest1
    +ERROR:  permission denied for table atest1
     SELECT * FROM atest2 FOR UPDATE; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     DELETE FROM atest2; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     TRUNCATE atest2; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     BEGIN;
     LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- ok
     COMMIT;
     COPY atest2 FROM stdin; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     -- checks in subquery, both fail
     SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     SET SESSION AUTHORIZATION regress_user4;
     COPY atest2 FROM stdin; -- ok
     SELECT * FROM atest1; -- ok
    @@ -234,7 +234,7 @@ CREATE OPERATOR >>> (procedure = leak2, leftarg = integer, rightarg = integer,
                          restrict = scalargtsel);
     -- This should not show any "leak" notices before failing.
     EXPLAIN (COSTS OFF) SELECT * FROM atest12 WHERE a >>> 0;
    -ERROR:  permission denied for relation atest12
    +ERROR:  permission denied for table atest12
     -- This plan should use hashjoin, as it will expect many rows to be selected.
     EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
                     QUERY PLAN                 
    @@ -287,7 +287,7 @@ CREATE TABLE atest3 (one int, two int, three int);
     GRANT DELETE ON atest3 TO GROUP regress_group2;
     SET SESSION AUTHORIZATION regress_user1;
     SELECT * FROM atest3; -- fail
    -ERROR:  permission denied for relation atest3
    +ERROR:  permission denied for table atest3
     DELETE FROM atest3; -- ok
     -- views
     SET SESSION AUTHORIZATION regress_user3;
    @@ -305,7 +305,7 @@ SELECT * FROM atestv1; -- ok
     (2 rows)
     
     SELECT * FROM atestv2; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     GRANT SELECT ON atestv1, atestv3 TO regress_user4;
     GRANT SELECT ON atestv2 TO regress_user2;
     SET SESSION AUTHORIZATION regress_user4;
    @@ -317,28 +317,28 @@ SELECT * FROM atestv1; -- ok
     (2 rows)
     
     SELECT * FROM atestv2; -- fail
    -ERROR:  permission denied for relation atestv2
    +ERROR:  permission denied for view atestv2
     SELECT * FROM atestv3; -- ok
      one | two | three 
     -----+-----+-------
     (0 rows)
     
     SELECT * FROM atestv0; -- fail
    -ERROR:  permission denied for relation atestv0
    +ERROR:  permission denied for view atestv0
     -- Appendrels excluded by constraints failed to check permissions in 8.4-9.2.
     select * from
       ((select a.q1 as x from int8_tbl a offset 0)
        union all
        (select b.q2 as x from int8_tbl b offset 0)) ss
     where false;
    -ERROR:  permission denied for relation int8_tbl
    +ERROR:  permission denied for table int8_tbl
     set constraint_exclusion = on;
     select * from
       ((select a.q1 as x, random() from int8_tbl a where q1 > 0)
        union all
        (select b.q2 as x, random() from int8_tbl b where q2 > 0)) ss
     where x < 0;
    -ERROR:  permission denied for relation int8_tbl
    +ERROR:  permission denied for table int8_tbl
     reset constraint_exclusion;
     CREATE VIEW atestv4 AS SELECT * FROM atestv3; -- nested view
     SELECT * FROM atestv4; -- ok
    @@ -350,7 +350,7 @@ GRANT SELECT ON atestv4 TO regress_user2;
     SET SESSION AUTHORIZATION regress_user2;
     -- Two complex cases:
     SELECT * FROM atestv3; -- fail
    -ERROR:  permission denied for relation atestv3
    +ERROR:  permission denied for view atestv3
     SELECT * FROM atestv4; -- ok (even though regress_user2 cannot access underlying atestv3)
      one | two | three 
     -----+-----+-------
    @@ -363,7 +363,7 @@ SELECT * FROM atest2; -- ok
     (1 row)
     
     SELECT * FROM atestv2; -- fail (even though regress_user2 can access underlying atest2)
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     -- Test column level permissions
     SET SESSION AUTHORIZATION regress_user1;
     CREATE TABLE atest5 (one int, two int unique, three int, four int unique);
    @@ -373,7 +373,7 @@ GRANT ALL (one) ON atest5 TO regress_user3;
     INSERT INTO atest5 VALUES (1,2,3);
     SET SESSION AUTHORIZATION regress_user4;
     SELECT * FROM atest5; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SELECT one FROM atest5; -- ok
      one 
     -----
    @@ -383,13 +383,13 @@ SELECT one FROM atest5; -- ok
     COPY atest5 (one) TO stdout; -- ok
     1
     SELECT two FROM atest5; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     COPY atest5 (two) TO stdout; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SELECT atest5 FROM atest5; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     COPY atest5 (one,two) TO stdout; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SELECT 1 FROM atest5; -- ok
      ?column? 
     ----------
    @@ -403,15 +403,15 @@ SELECT 1 FROM atest5 a JOIN atest5 b USING (one); -- ok
     (1 row)
     
     SELECT 1 FROM atest5 a JOIN atest5 b USING (two); -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SELECT 1 FROM atest5 a NATURAL JOIN atest5 b; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SELECT (j.*) IS NULL FROM (atest5 a JOIN atest5 b USING (one)) j; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SELECT 1 FROM atest5 WHERE two = 2; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SELECT * FROM atest1, atest5; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SELECT atest1.* FROM atest1, atest5; -- ok
      a |  b  
     ---+-----
    @@ -427,7 +427,7 @@ SELECT atest1.*,atest5.one FROM atest1, atest5; -- ok
     (2 rows)
     
     SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.two); -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.one); -- ok
      a |  b  | one 
     ---+-----+-----
    @@ -436,12 +436,12 @@ SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.one); -
     (2 rows)
     
     SELECT one, two FROM atest5; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SET SESSION AUTHORIZATION regress_user1;
     GRANT SELECT (one,two) ON atest6 TO regress_user4;
     SET SESSION AUTHORIZATION regress_user4;
     SELECT one, two FROM atest5 NATURAL JOIN atest6; -- fail still
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SET SESSION AUTHORIZATION regress_user1;
     GRANT SELECT (two) ON atest5 TO regress_user4;
     SET SESSION AUTHORIZATION regress_user4;
    @@ -453,23 +453,23 @@ SELECT one, two FROM atest5 NATURAL JOIN atest6; -- ok now
     -- test column-level privileges for INSERT and UPDATE
     INSERT INTO atest5 (two) VALUES (3); -- ok
     COPY atest5 FROM stdin; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     COPY atest5 (two) FROM stdin; -- ok
     INSERT INTO atest5 (three) VALUES (4); -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     INSERT INTO atest5 VALUES (5,5,5); -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     UPDATE atest5 SET three = 10; -- ok
     UPDATE atest5 SET one = 8; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     UPDATE atest5 SET three = 5, one = 2; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     -- Check that column level privs are enforced in RETURNING
     -- Ok.
     INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = 10;
     -- Error. No SELECT on column three.
     INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = 10 RETURNING atest5.three;
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     -- Ok.  May SELECT on column "one":
     INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = 10 RETURNING atest5.one;
      one 
    @@ -482,21 +482,21 @@ INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = 10 RE
     INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = EXCLUDED.one;
     -- Error. No select rights on three
     INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = EXCLUDED.three;
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set one = 8; -- fails (due to UPDATE)
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     INSERT INTO atest5(three) VALUES (4) ON CONFLICT (two) DO UPDATE set three = 10; -- fails (due to INSERT)
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     -- Check that the columns in the inference require select privileges
     INSERT INTO atest5(four) VALUES (4); -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SET SESSION AUTHORIZATION regress_user1;
     GRANT INSERT (four) ON atest5 TO regress_user4;
     SET SESSION AUTHORIZATION regress_user4;
     INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- fails (due to SELECT)
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- fails (due to SELECT)
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     INSERT INTO atest5(four) VALUES (4); -- ok
     SET SESSION AUTHORIZATION regress_user1;
     GRANT SELECT (four) ON atest5 TO regress_user4;
    @@ -508,9 +508,9 @@ REVOKE ALL (one) ON atest5 FROM regress_user4;
     GRANT SELECT (one,two,blue) ON atest6 TO regress_user4;
     SET SESSION AUTHORIZATION regress_user4;
     SELECT one FROM atest5; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     UPDATE atest5 SET one = 1; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SELECT atest6 FROM atest6; -- ok
      atest6 
     --------
    @@ -557,9 +557,9 @@ REVOKE ALL (one) ON atest5 FROM regress_user3;
     GRANT SELECT (one) ON atest5 TO regress_user4;
     SET SESSION AUTHORIZATION regress_user4;
     SELECT atest6 FROM atest6; -- fail
    -ERROR:  permission denied for relation atest6
    +ERROR:  permission denied for table atest6
     SELECT one FROM atest5 NATURAL JOIN atest6; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     SET SESSION AUTHORIZATION regress_user1;
     ALTER TABLE atest6 DROP COLUMN three;
     SET SESSION AUTHORIZATION regress_user4;
    @@ -578,12 +578,12 @@ ALTER TABLE atest6 DROP COLUMN two;
     REVOKE SELECT (one,blue) ON atest6 FROM regress_user4;
     SET SESSION AUTHORIZATION regress_user4;
     SELECT * FROM atest6; -- fail
    -ERROR:  permission denied for relation atest6
    +ERROR:  permission denied for table atest6
     SELECT 1 FROM atest6; -- fail
    -ERROR:  permission denied for relation atest6
    +ERROR:  permission denied for table atest6
     SET SESSION AUTHORIZATION regress_user3;
     DELETE FROM atest5 WHERE one = 1; -- fail
    -ERROR:  permission denied for relation atest5
    +ERROR:  permission denied for table atest5
     DELETE FROM atest5 WHERE two = 2; -- ok
     -- check inheritance cases
     SET SESSION AUTHORIZATION regress_user1;
    @@ -614,7 +614,7 @@ SELECT oid FROM atestp2; -- ok
     (0 rows)
     
     SELECT fy FROM atestc; -- fail
    -ERROR:  permission denied for relation atestc
    +ERROR:  permission denied for table atestc
     SET SESSION AUTHORIZATION regress_user1;
     GRANT SELECT(fy,oid) ON atestc TO regress_user2;
     SET SESSION AUTHORIZATION regress_user2;
    @@ -698,7 +698,7 @@ ERROR:  permission denied for aggregate testagg1
     CALL testproc1(6); -- fail
     ERROR:  permission denied for procedure testproc1
     SELECT col1 FROM atest2 WHERE col2 = true; -- fail
    -ERROR:  permission denied for relation atest2
    +ERROR:  permission denied for table atest2
     SELECT testfunc4(true); -- ok
      testfunc4 
     -----------
    @@ -849,7 +849,7 @@ DROP DOMAIN testdomain1; -- ok
     SET SESSION AUTHORIZATION regress_user5;
     TRUNCATE atest2; -- ok
     TRUNCATE atest3; -- fail
    -ERROR:  permission denied for relation atest3
    +ERROR:  permission denied for table atest3
     -- has_table_privilege function
     -- bad-input checks
     select has_table_privilege(NULL,'pg_authid','select');
    @@ -1435,7 +1435,7 @@ SELECT * FROM pg_largeobject LIMIT 0;
     
     SET SESSION AUTHORIZATION regress_user1;
     SELECT * FROM pg_largeobject LIMIT 0;			-- to be denied
    -ERROR:  permission denied for relation pg_largeobject
    +ERROR:  permission denied for table pg_largeobject
     -- test default ACLs
     \c -
     CREATE SCHEMA testns;
    @@ -1899,14 +1899,14 @@ GRANT SELECT ON lock_table TO regress_locktable_user;
     SET SESSION AUTHORIZATION regress_locktable_user;
     BEGIN;
     LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should fail
    -ERROR:  permission denied for relation lock_table
    +ERROR:  permission denied for table lock_table
     ROLLBACK;
     BEGIN;
     LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should pass
     COMMIT;
     BEGIN;
     LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should fail
    -ERROR:  permission denied for relation lock_table
    +ERROR:  permission denied for table lock_table
     ROLLBACK;
     \c
     REVOKE SELECT ON lock_table FROM regress_locktable_user;
    @@ -1918,11 +1918,11 @@ LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
     COMMIT;
     BEGIN;
     LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should fail
    -ERROR:  permission denied for relation lock_table
    +ERROR:  permission denied for table lock_table
     ROLLBACK;
     BEGIN;
     LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should fail
    -ERROR:  permission denied for relation lock_table
    +ERROR:  permission denied for table lock_table
     ROLLBACK;
     \c
     REVOKE INSERT ON lock_table FROM regress_locktable_user;
    @@ -1934,7 +1934,7 @@ LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
     COMMIT;
     BEGIN;
     LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should fail
    -ERROR:  permission denied for relation lock_table
    +ERROR:  permission denied for table lock_table
     ROLLBACK;
     BEGIN;
     LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should pass
    @@ -1949,7 +1949,7 @@ LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
     COMMIT;
     BEGIN;
     LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should fail
    -ERROR:  permission denied for relation lock_table
    +ERROR:  permission denied for table lock_table
     ROLLBACK;
     BEGIN;
     LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should pass
    @@ -1964,7 +1964,7 @@ LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
     COMMIT;
     BEGIN;
     LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should fail
    -ERROR:  permission denied for relation lock_table
    +ERROR:  permission denied for table lock_table
     ROLLBACK;
     BEGIN;
     LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should pass
    diff --git a/src/test/regress/expected/publication.out b/src/test/regress/expected/publication.out
    index b101331d69..0c86c647bc 100644
    --- a/src/test/regress/expected/publication.out
    +++ b/src/test/regress/expected/publication.out
    @@ -198,7 +198,7 @@ GRANT CREATE ON DATABASE regression TO regress_publication_user2;
     SET ROLE regress_publication_user2;
     CREATE PUBLICATION testpub2;  -- ok
     ALTER PUBLICATION testpub2 ADD TABLE testpub_tbl1;  -- fail
    -ERROR:  must be owner of relation testpub_tbl1
    +ERROR:  must be owner of table testpub_tbl1
     SET ROLE regress_publication_user;
     GRANT regress_publication_user TO regress_publication_user2;
     SET ROLE regress_publication_user2;
    diff --git a/src/test/regress/expected/rowsecurity.out b/src/test/regress/expected/rowsecurity.out
    index b8dcf51a30..f1ae40df61 100644
    --- a/src/test/regress/expected/rowsecurity.out
    +++ b/src/test/regress/expected/rowsecurity.out
    @@ -361,7 +361,7 @@ INSERT INTO document VALUES (100, 55, 1, 'regress_rls_dave', 'testing sorting of
     ERROR:  new row violates row-level security policy "p2r" for table "document"
     -- only owner can change policies
     ALTER POLICY p1 ON document USING (true);    --fail
    -ERROR:  must be owner of relation document
    +ERROR:  must be owner of table document
     DROP POLICY p1 ON document;                  --fail
     ERROR:  must be owner of relation document
     SET SESSION AUTHORIZATION regress_rls_alice;
    @@ -1192,7 +1192,7 @@ EXPLAIN (COSTS OFF) SELECT * FROM part_document WHERE f_leak(dtitle);
     
     -- only owner can change policies
     ALTER POLICY pp1 ON part_document USING (true);    --fail
    -ERROR:  must be owner of relation part_document
    +ERROR:  must be owner of table part_document
     DROP POLICY pp1 ON part_document;                  --fail
     ERROR:  must be owner of relation part_document
     SET SESSION AUTHORIZATION regress_rls_alice;
    @@ -2446,9 +2446,9 @@ EXPLAIN (COSTS OFF) SELECT * FROM rls_view;
     -- Query as role that is not the owner of the table or view without permissions.
     SET SESSION AUTHORIZATION regress_rls_carol;
     SELECT * FROM rls_view; --fail - permission denied.
    -ERROR:  permission denied for relation rls_view
    +ERROR:  permission denied for view rls_view
     EXPLAIN (COSTS OFF) SELECT * FROM rls_view; --fail - permission denied.
    -ERROR:  permission denied for relation rls_view
    +ERROR:  permission denied for view rls_view
     -- Query as role that is not the owner of the table or view with permissions.
     SET SESSION AUTHORIZATION regress_rls_bob;
     GRANT SELECT ON rls_view TO regress_rls_carol;
    @@ -3235,7 +3235,7 @@ COPY (SELECT * FROM copy_t ORDER BY a ASC) TO STDOUT WITH DELIMITER ','; --fail
     ERROR:  query would be affected by row-level security policy for table "copy_t"
     SET row_security TO ON;
     COPY (SELECT * FROM copy_t ORDER BY a ASC) TO STDOUT WITH DELIMITER ','; --fail - permission denied
    -ERROR:  permission denied for relation copy_t
    +ERROR:  permission denied for table copy_t
     -- Check COPY relation TO; keep it just one row to avoid reordering issues
     RESET SESSION AUTHORIZATION;
     SET row_security TO ON;
    @@ -3271,10 +3271,10 @@ COPY copy_rel_to TO STDOUT WITH DELIMITER ','; --ok
     SET SESSION AUTHORIZATION regress_rls_carol;
     SET row_security TO OFF;
     COPY copy_rel_to TO STDOUT WITH DELIMITER ','; --fail - permission denied
    -ERROR:  permission denied for relation copy_rel_to
    +ERROR:  permission denied for table copy_rel_to
     SET row_security TO ON;
     COPY copy_rel_to TO STDOUT WITH DELIMITER ','; --fail - permission denied
    -ERROR:  permission denied for relation copy_rel_to
    +ERROR:  permission denied for table copy_rel_to
     -- Check COPY FROM as Superuser/owner.
     RESET SESSION AUTHORIZATION;
     SET row_security TO OFF;
    @@ -3298,10 +3298,10 @@ COPY copy_t FROM STDIN; --ok
     SET SESSION AUTHORIZATION regress_rls_carol;
     SET row_security TO OFF;
     COPY copy_t FROM STDIN; --fail - permission denied.
    -ERROR:  permission denied for relation copy_t
    +ERROR:  permission denied for table copy_t
     SET row_security TO ON;
     COPY copy_t FROM STDIN; --fail - permission denied.
    -ERROR:  permission denied for relation copy_t
    +ERROR:  permission denied for table copy_t
     RESET SESSION AUTHORIZATION;
     DROP TABLE copy_t;
     DROP TABLE copy_rel_to CASCADE;
    diff --git a/src/test/regress/expected/select_into.out b/src/test/regress/expected/select_into.out
    index 5d54bbf3b0..ef7cfd6f29 100644
    --- a/src/test/regress/expected/select_into.out
    +++ b/src/test/regress/expected/select_into.out
    @@ -22,15 +22,15 @@ GRANT ALL ON SCHEMA selinto_schema TO public;
     SET SESSION AUTHORIZATION regress_selinto_user;
     SELECT * INTO TABLE selinto_schema.tmp1
     	  FROM pg_class WHERE relname like '%a%';	-- Error
    -ERROR:  permission denied for relation tmp1
    +ERROR:  permission denied for table tmp1
     SELECT oid AS clsoid, relname, relnatts + 10 AS x
     	  INTO selinto_schema.tmp2
     	  FROM pg_class WHERE relname like '%b%';	-- Error
    -ERROR:  permission denied for relation tmp2
    +ERROR:  permission denied for table tmp2
     CREATE TABLE selinto_schema.tmp3 (a,b,c)
     	   AS SELECT oid,relname,relacl FROM pg_class
     	   WHERE relname like '%c%';	-- Error
    -ERROR:  permission denied for relation tmp3
    +ERROR:  permission denied for table tmp3
     RESET SESSION AUTHORIZATION;
     ALTER DEFAULT PRIVILEGES FOR ROLE regress_selinto_user
     	  GRANT INSERT ON TABLES TO regress_selinto_user;
    diff --git a/src/test/regress/expected/sequence.out b/src/test/regress/expected/sequence.out
    index 2384b7dd81..ca5ea063fa 100644
    --- a/src/test/regress/expected/sequence.out
    +++ b/src/test/regress/expected/sequence.out
    @@ -785,7 +785,7 @@ ROLLBACK;
     BEGIN;
     SET LOCAL SESSION AUTHORIZATION regress_seq_user;
     ALTER SEQUENCE sequence_test2 START WITH 1;
    -ERROR:  must be owner of relation sequence_test2
    +ERROR:  must be owner of sequence sequence_test2
     ROLLBACK;
     -- Sequences should get wiped out as well:
     DROP TABLE serialTest1, serialTest2;
    diff --git a/src/test/regress/expected/updatable_views.out b/src/test/regress/expected/updatable_views.out
    index 2090a411fe..964c115b14 100644
    --- a/src/test/regress/expected/updatable_views.out
    +++ b/src/test/regress/expected/updatable_views.out
    @@ -990,26 +990,26 @@ SELECT * FROM rw_view2; -- ok
     (2 rows)
     
     INSERT INTO base_tbl VALUES (3, 'Row 3', 3.0); -- not allowed
    -ERROR:  permission denied for relation base_tbl
    +ERROR:  permission denied for table base_tbl
     INSERT INTO rw_view1 VALUES ('Row 3', 3.0, 3); -- not allowed
    -ERROR:  permission denied for relation rw_view1
    +ERROR:  permission denied for view rw_view1
     INSERT INTO rw_view2 VALUES ('Row 3', 3.0, 3); -- not allowed
    -ERROR:  permission denied for relation base_tbl
    +ERROR:  permission denied for table base_tbl
     UPDATE base_tbl SET a=a, c=c; -- ok
     UPDATE base_tbl SET b=b; -- not allowed
    -ERROR:  permission denied for relation base_tbl
    +ERROR:  permission denied for table base_tbl
     UPDATE rw_view1 SET bb=bb, cc=cc; -- ok
     UPDATE rw_view1 SET aa=aa; -- not allowed
    -ERROR:  permission denied for relation rw_view1
    +ERROR:  permission denied for view rw_view1
     UPDATE rw_view2 SET aa=aa, cc=cc; -- ok
     UPDATE rw_view2 SET bb=bb; -- not allowed
    -ERROR:  permission denied for relation base_tbl
    +ERROR:  permission denied for table base_tbl
     DELETE FROM base_tbl; -- not allowed
    -ERROR:  permission denied for relation base_tbl
    +ERROR:  permission denied for table base_tbl
     DELETE FROM rw_view1; -- not allowed
    -ERROR:  permission denied for relation rw_view1
    +ERROR:  permission denied for view rw_view1
     DELETE FROM rw_view2; -- not allowed
    -ERROR:  permission denied for relation base_tbl
    +ERROR:  permission denied for table base_tbl
     RESET SESSION AUTHORIZATION;
     SET SESSION AUTHORIZATION regress_view_user1;
     GRANT INSERT, DELETE ON base_tbl TO regress_view_user2;
    @@ -1017,11 +1017,11 @@ RESET SESSION AUTHORIZATION;
     SET SESSION AUTHORIZATION regress_view_user2;
     INSERT INTO base_tbl VALUES (3, 'Row 3', 3.0); -- ok
     INSERT INTO rw_view1 VALUES ('Row 4', 4.0, 4); -- not allowed
    -ERROR:  permission denied for relation rw_view1
    +ERROR:  permission denied for view rw_view1
     INSERT INTO rw_view2 VALUES ('Row 4', 4.0, 4); -- ok
     DELETE FROM base_tbl WHERE a=1; -- ok
     DELETE FROM rw_view1 WHERE aa=2; -- not allowed
    -ERROR:  permission denied for relation rw_view1
    +ERROR:  permission denied for view rw_view1
     DELETE FROM rw_view2 WHERE aa=2; -- ok
     SELECT * FROM base_tbl;
      a |   b   | c 
    @@ -1037,15 +1037,15 @@ GRANT INSERT, DELETE ON rw_view1 TO regress_view_user2;
     RESET SESSION AUTHORIZATION;
     SET SESSION AUTHORIZATION regress_view_user2;
     INSERT INTO base_tbl VALUES (5, 'Row 5', 5.0); -- not allowed
    -ERROR:  permission denied for relation base_tbl
    +ERROR:  permission denied for table base_tbl
     INSERT INTO rw_view1 VALUES ('Row 5', 5.0, 5); -- ok
     INSERT INTO rw_view2 VALUES ('Row 6', 6.0, 6); -- not allowed
    -ERROR:  permission denied for relation base_tbl
    +ERROR:  permission denied for table base_tbl
     DELETE FROM base_tbl WHERE a=3; -- not allowed
    -ERROR:  permission denied for relation base_tbl
    +ERROR:  permission denied for table base_tbl
     DELETE FROM rw_view1 WHERE aa=3; -- ok
     DELETE FROM rw_view2 WHERE aa=4; -- not allowed
    -ERROR:  permission denied for relation base_tbl
    +ERROR:  permission denied for table base_tbl
     SELECT * FROM base_tbl;
      a |   b   | c 
     ---+-------+---
    -- 
    2.15.1
    
    
    --------------9542E740EF1A89D80A2224F4
    Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0";
     name="v4-0004-Use-OBJECT_TABLE-instead-of-OBJECT_RELATION-for-A.patch"
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment;
     filename*0="v4-0004-Use-OBJECT_TABLE-instead-of-OBJECT_RELATION-for-A.pa";
     filename*1="tch"