Thread

  1. [PATCH v2 2/2] Replace AclObjectKind with ObjectType

    Peter Eisentraut <peter_e@gmx.net> — 2017-12-02T14:26:34Z

    AclObjectKind was basically just another enumeration for object types,
    and we already have a preferred one for that.  It's only used in
    aclcheck_error.  By using ObjectType instead, we can also give some more
    precise error messages, for example "index" instead of "relation".
    ---
     contrib/dblink/dblink.c                            |   4 +-
     contrib/pg_prewarm/pg_prewarm.c                    |   2 +-
     contrib/pgrowlocks/pgrowlocks.c                    |   2 +-
     src/backend/access/brin/brin.c                     |   4 +-
     src/backend/access/gin/ginfast.c                   |   2 +-
     src/backend/catalog/aclchk.c                       | 508 +++++++++++++--------
     src/backend/catalog/namespace.c                    |   8 +-
     src/backend/catalog/objectaddress.c                |  90 ++--
     src/backend/catalog/pg_aggregate.c                 |   2 +-
     src/backend/catalog/pg_operator.c                  |   8 +-
     src/backend/catalog/pg_proc.c                      |   2 +-
     src/backend/catalog/pg_type.c                      |   2 +-
     src/backend/commands/aggregatecmds.c               |   2 +-
     src/backend/commands/alter.c                       |  18 +-
     src/backend/commands/collationcmds.c               |   4 +-
     src/backend/commands/conversioncmds.c              |   4 +-
     src/backend/commands/dbcommands.c                  |  16 +-
     src/backend/commands/event_trigger.c               |   4 +-
     src/backend/commands/extension.c                   |   8 +-
     src/backend/commands/foreigncmds.c                 |  16 +-
     src/backend/commands/functioncmds.c                |  26 +-
     src/backend/commands/indexcmds.c                   |  10 +-
     src/backend/commands/lockcmds.c                    |   4 +-
     src/backend/commands/opclasscmds.c                 |  16 +-
     src/backend/commands/operatorcmds.c                |  10 +-
     src/backend/commands/policy.c                      |   2 +-
     src/backend/commands/proclang.c                    |   4 +-
     src/backend/commands/publicationcmds.c             |  10 +-
     src/backend/commands/schemacmds.c                  |  10 +-
     src/backend/commands/statscmds.c                   |   2 +-
     src/backend/commands/subscriptioncmds.c            |   6 +-
     src/backend/commands/tablecmds.c                   |  36 +-
     src/backend/commands/tablespace.c                  |  10 +-
     src/backend/commands/trigger.c                     |   8 +-
     src/backend/commands/tsearchcmds.c                 |   8 +-
     src/backend/commands/typecmds.c                    |  28 +-
     src/backend/commands/user.c                        |   2 +-
     src/backend/executor/execExpr.c                    |   4 +-
     src/backend/executor/execMain.c                    |   2 +-
     src/backend/executor/execSRF.c                     |   2 +-
     src/backend/executor/nodeAgg.c                     |  10 +-
     src/backend/executor/nodeWindowAgg.c               |   8 +-
     src/backend/parser/parse_utilcmd.c                 |   4 +-
     src/backend/rewrite/rewriteDefine.c                |   6 +-
     src/backend/tcop/fastpath.c                        |   4 +-
     src/backend/utils/adt/dbsize.c                     |   4 +-
     src/backend/utils/adt/tid.c                        |   4 +-
     src/backend/utils/fmgr/fmgr.c                      |   4 +-
     src/include/catalog/objectaddress.h                |   2 +-
     src/include/utils/acl.h                            |  35 +-
     src/pl/tcl/pltcl.c                                 |   2 +-
     .../dummy_seclabel/expected/dummy_seclabel.out     |   4 +-
     src/test/regress/expected/create_procedure.out     |   2 +-
     src/test/regress/expected/privileges.out           |   8 +-
     54 files changed, 562 insertions(+), 441 deletions(-)
    
    diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c
    index a7e22b378a..87bd6f730b 100644
    --- a/contrib/dblink/dblink.c
    +++ b/contrib/dblink/dblink.c
    @@ -2504,7 +2504,7 @@ get_rel_from_relname(text *relname_text, LOCKMODE lockmode, AclMode aclmode)
     	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
     								  aclmode);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_CLASS,
    +		aclcheck_error(aclresult, OBJECT_RELATION,
     					   RelationGetRelationName(rel));
     
     	return rel;
    @@ -2789,7 +2789,7 @@ get_connect_string(const char *servername)
     		/* Check permissions, user must have usage on the server. */
     		aclresult = pg_foreign_server_aclcheck(serverid, userid, ACL_USAGE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_FOREIGN_SERVER, foreign_server->servername);
    +			aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, foreign_server->servername);
     
     		foreach(cell, fdw->options)
     		{
    diff --git a/contrib/pg_prewarm/pg_prewarm.c b/contrib/pg_prewarm/pg_prewarm.c
    index fec62b1a54..295297274b 100644
    --- a/contrib/pg_prewarm/pg_prewarm.c
    +++ b/contrib/pg_prewarm/pg_prewarm.c
    @@ -107,7 +107,7 @@ pg_prewarm(PG_FUNCTION_ARGS)
     	rel = relation_open(relOid, AccessShareLock);
     	aclresult = pg_class_aclcheck(relOid, GetUserId(), ACL_SELECT);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_CLASS, get_rel_name(relOid));
    +		aclcheck_error(aclresult, OBJECT_RELATION, get_rel_name(relOid));
     
     	/* Check that the fork exists. */
     	RelationOpenSmgr(rel);
    diff --git a/contrib/pgrowlocks/pgrowlocks.c b/contrib/pgrowlocks/pgrowlocks.c
    index eabca65bd2..38e10e59a8 100644
    --- a/contrib/pgrowlocks/pgrowlocks.c
    +++ b/contrib/pgrowlocks/pgrowlocks.c
    @@ -121,7 +121,7 @@ pgrowlocks(PG_FUNCTION_ARGS)
     			aclresult = is_member_of_role(GetUserId(), DEFAULT_ROLE_STAT_SCAN_TABLES) ? ACLCHECK_OK : ACLCHECK_NO_PRIV;
     
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_CLASS,
    +			aclcheck_error(aclresult, OBJECT_RELATION,
     						   RelationGetRelationName(rel));
     
     		scan = heap_beginscan(rel, GetActiveSnapshot(), 0, NULL);
    diff --git a/src/backend/access/brin/brin.c b/src/backend/access/brin/brin.c
    index 9fbb093b3c..628d447a61 100644
    --- a/src/backend/access/brin/brin.c
    +++ b/src/backend/access/brin/brin.c
    @@ -894,7 +894,7 @@ brin_summarize_range(PG_FUNCTION_ARGS)
     
     	/* User must own the index (comparable to privileges needed for VACUUM) */
     	if (!pg_class_ownercheck(indexoid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_INDEX,
     					   RelationGetRelationName(indexRel));
     
     	/*
    @@ -965,7 +965,7 @@ brin_desummarize_range(PG_FUNCTION_ARGS)
     
     	/* User must own the index (comparable to privileges needed for VACUUM) */
     	if (!pg_class_ownercheck(indexoid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_INDEX,
     					   RelationGetRelationName(indexRel));
     
     	/*
    diff --git a/src/backend/access/gin/ginfast.c b/src/backend/access/gin/ginfast.c
    index 95c8bd7b43..5010f608e0 100644
    --- a/src/backend/access/gin/ginfast.c
    +++ b/src/backend/access/gin/ginfast.c
    @@ -1035,7 +1035,7 @@ gin_clean_pending_list(PG_FUNCTION_ARGS)
     
     	/* User must own the index (comparable to privileges needed for VACUUM) */
     	if (!pg_class_ownercheck(indexoid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_INDEX,
     					   RelationGetRelationName(indexRel));
     
     	memset(&stats, 0, sizeof(stats));
    diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
    index 06c2086295..d097ab1d62 100644
    --- a/src/backend/catalog/aclchk.c
    +++ b/src/backend/catalog/aclchk.c
    @@ -132,9 +132,9 @@ static const char *privilege_to_string(AclMode privilege);
     static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions,
     						 bool all_privs, AclMode privileges,
     						 Oid objectId, Oid grantorId,
    -						 AclObjectKind objkind, const char *objname,
    +						 ObjectType objtype, const char *objname,
     						 AttrNumber att_number, const char *colname);
    -static AclMode pg_aclmask(AclObjectKind objkind, Oid table_oid, AttrNumber attnum,
    +static AclMode pg_aclmask(ObjectType objtype, Oid table_oid, AttrNumber attnum,
     		   Oid roleid, AclMode mask, AclMaskHow how);
     static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid,
     						Acl *new_acl);
    @@ -236,56 +236,56 @@ merge_acl_with_grant(Acl *old_acl, bool is_grant,
     static AclMode
     restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
     						 AclMode privileges, Oid objectId, Oid grantorId,
    -						 AclObjectKind objkind, const char *objname,
    +						 ObjectType objtype, const char *objname,
     						 AttrNumber att_number, const char *colname)
     {
     	AclMode		this_privileges;
     	AclMode		whole_mask;
     
    -	switch (objkind)
    +	switch (objtype)
     	{
    -		case ACL_KIND_COLUMN:
    +		case OBJECT_COLUMN:
     			whole_mask = ACL_ALL_RIGHTS_COLUMN;
     			break;
    -		case ACL_KIND_CLASS:
    +		case OBJECT_RELATION:
     			whole_mask = ACL_ALL_RIGHTS_RELATION;
     			break;
    -		case ACL_KIND_SEQUENCE:
    +		case OBJECT_SEQUENCE:
     			whole_mask = ACL_ALL_RIGHTS_SEQUENCE;
     			break;
    -		case ACL_KIND_DATABASE:
    +		case OBJECT_DATABASE:
     			whole_mask = ACL_ALL_RIGHTS_DATABASE;
     			break;
    -		case ACL_KIND_PROC:
    +		case OBJECT_FUNCTION:
     			whole_mask = ACL_ALL_RIGHTS_FUNCTION;
     			break;
    -		case ACL_KIND_LANGUAGE:
    +		case OBJECT_LANGUAGE:
     			whole_mask = ACL_ALL_RIGHTS_LANGUAGE;
     			break;
    -		case ACL_KIND_LARGEOBJECT:
    +		case OBJECT_LARGEOBJECT:
     			whole_mask = ACL_ALL_RIGHTS_LARGEOBJECT;
     			break;
    -		case ACL_KIND_NAMESPACE:
    +		case OBJECT_SCHEMA:
     			whole_mask = ACL_ALL_RIGHTS_SCHEMA;
     			break;
    -		case ACL_KIND_TABLESPACE:
    +		case OBJECT_TABLESPACE:
     			whole_mask = ACL_ALL_RIGHTS_TABLESPACE;
     			break;
    -		case ACL_KIND_FDW:
    +		case OBJECT_FDW:
     			whole_mask = ACL_ALL_RIGHTS_FDW;
     			break;
    -		case ACL_KIND_FOREIGN_SERVER:
    +		case OBJECT_FOREIGN_SERVER:
     			whole_mask = ACL_ALL_RIGHTS_FOREIGN_SERVER;
     			break;
    -		case ACL_KIND_EVENT_TRIGGER:
    +		case OBJECT_EVENT_TRIGGER:
     			elog(ERROR, "grantable rights not supported for event triggers");
     			/* not reached, but keep compiler quiet */
     			return ACL_NO_RIGHTS;
    -		case ACL_KIND_TYPE:
    +		case OBJECT_TYPE:
     			whole_mask = ACL_ALL_RIGHTS_TYPE;
     			break;
     		default:
    -			elog(ERROR, "unrecognized object kind: %d", objkind);
    +			elog(ERROR, "unrecognized object type: %d", objtype);
     			/* not reached, but keep compiler quiet */
     			return ACL_NO_RIGHTS;
     	}
    @@ -297,14 +297,14 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
     	 */
     	if (avail_goptions == ACL_NO_RIGHTS)
     	{
    -		if (pg_aclmask(objkind, objectId, att_number, grantorId,
    +		if (pg_aclmask(objtype, objectId, att_number, grantorId,
     					   whole_mask | ACL_GRANT_OPTION_FOR(whole_mask),
     					   ACLMASK_ANY) == ACL_NO_RIGHTS)
     		{
    -			if (objkind == ACL_KIND_COLUMN && colname)
    -				aclcheck_error_col(ACLCHECK_NO_PRIV, objkind, objname, colname);
    +			if (objtype == OBJECT_COLUMN && colname)
    +				aclcheck_error_col(ACLCHECK_NO_PRIV, objtype, objname, colname);
     			else
    -				aclcheck_error(ACLCHECK_NO_PRIV, objkind, objname);
    +				aclcheck_error(ACLCHECK_NO_PRIV, objtype, objname);
     		}
     	}
     
    @@ -320,7 +320,7 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
     	{
     		if (this_privileges == 0)
     		{
    -			if (objkind == ACL_KIND_COLUMN && colname)
    +			if (objtype == OBJECT_COLUMN && colname)
     				ereport(WARNING,
     						(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
     						 errmsg("no privileges were granted for column \"%s\" of relation \"%s\"",
    @@ -333,7 +333,7 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
     		}
     		else if (!all_privs && this_privileges != privileges)
     		{
    -			if (objkind == ACL_KIND_COLUMN && colname)
    +			if (objtype == OBJECT_COLUMN && colname)
     				ereport(WARNING,
     						(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
     						 errmsg("not all privileges were granted for column \"%s\" of relation \"%s\"",
    @@ -349,7 +349,7 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
     	{
     		if (this_privileges == 0)
     		{
    -			if (objkind == ACL_KIND_COLUMN && colname)
    +			if (objtype == OBJECT_COLUMN && colname)
     				ereport(WARNING,
     						(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
     						 errmsg("no privileges could be revoked for column \"%s\" of relation \"%s\"",
    @@ -362,7 +362,7 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
     		}
     		else if (!all_privs && this_privileges != privileges)
     		{
    -			if (objkind == ACL_KIND_COLUMN && colname)
    +			if (objtype == OBJECT_COLUMN && colname)
     				ereport(WARNING,
     						(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
     						 errmsg("not all privileges could be revoked for column \"%s\" of relation \"%s\"",
    @@ -1721,7 +1721,7 @@ ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname,
     		restrict_and_check_grant(istmt->is_grant, avail_goptions,
     								 (col_privileges == ACL_ALL_RIGHTS_COLUMN),
     								 col_privileges,
    -								 relOid, grantorId, ACL_KIND_COLUMN,
    +								 relOid, grantorId, OBJECT_COLUMN,
     								 relname, attnum,
     								 NameStr(pg_attribute_tuple->attname));
     
    @@ -1975,7 +1975,7 @@ ExecGrant_Relation(InternalGrant *istmt)
     			bool		replaces[Natts_pg_class];
     			int			nnewmembers;
     			Oid		   *newmembers;
    -			AclObjectKind aclkind;
    +			ObjectType	objtype;
     
     			/* Determine ID to do the grant as, and available grant options */
     			select_best_grantor(GetUserId(), this_privileges,
    @@ -1985,10 +1985,10 @@ ExecGrant_Relation(InternalGrant *istmt)
     			switch (pg_class_tuple->relkind)
     			{
     				case RELKIND_SEQUENCE:
    -					aclkind = ACL_KIND_SEQUENCE;
    +					objtype = OBJECT_SEQUENCE;
     					break;
     				default:
    -					aclkind = ACL_KIND_CLASS;
    +					objtype = OBJECT_RELATION;
     					break;
     			}
     
    @@ -1999,7 +1999,7 @@ ExecGrant_Relation(InternalGrant *istmt)
     			this_privileges =
     				restrict_and_check_grant(istmt->is_grant, avail_goptions,
     										 istmt->all_privs, this_privileges,
    -										 relOid, grantorId, aclkind,
    +										 relOid, grantorId, objtype,
     										 NameStr(pg_class_tuple->relname),
     										 0, NULL);
     
    @@ -2193,7 +2193,7 @@ ExecGrant_Database(InternalGrant *istmt)
     		this_privileges =
     			restrict_and_check_grant(istmt->is_grant, avail_goptions,
     									 istmt->all_privs, istmt->privileges,
    -									 datId, grantorId, ACL_KIND_DATABASE,
    +									 datId, grantorId, OBJECT_DATABASE,
     									 NameStr(pg_database_tuple->datname),
     									 0, NULL);
     
    @@ -2315,7 +2315,7 @@ ExecGrant_Fdw(InternalGrant *istmt)
     		this_privileges =
     			restrict_and_check_grant(istmt->is_grant, avail_goptions,
     									 istmt->all_privs, istmt->privileges,
    -									 fdwid, grantorId, ACL_KIND_FDW,
    +									 fdwid, grantorId, OBJECT_FDW,
     									 NameStr(pg_fdw_tuple->fdwname),
     									 0, NULL);
     
    @@ -2441,7 +2441,7 @@ ExecGrant_ForeignServer(InternalGrant *istmt)
     		this_privileges =
     			restrict_and_check_grant(istmt->is_grant, avail_goptions,
     									 istmt->all_privs, istmt->privileges,
    -									 srvid, grantorId, ACL_KIND_FOREIGN_SERVER,
    +									 srvid, grantorId, OBJECT_FOREIGN_SERVER,
     									 NameStr(pg_server_tuple->srvname),
     									 0, NULL);
     
    @@ -2565,7 +2565,7 @@ ExecGrant_Function(InternalGrant *istmt)
     		this_privileges =
     			restrict_and_check_grant(istmt->is_grant, avail_goptions,
     									 istmt->all_privs, istmt->privileges,
    -									 funcId, grantorId, ACL_KIND_PROC,
    +									 funcId, grantorId, OBJECT_FUNCTION,
     									 NameStr(pg_proc_tuple->proname),
     									 0, NULL);
     
    @@ -2696,7 +2696,7 @@ ExecGrant_Language(InternalGrant *istmt)
     		this_privileges =
     			restrict_and_check_grant(istmt->is_grant, avail_goptions,
     									 istmt->all_privs, istmt->privileges,
    -									 langId, grantorId, ACL_KIND_LANGUAGE,
    +									 langId, grantorId, OBJECT_LANGUAGE,
     									 NameStr(pg_language_tuple->lanname),
     									 0, NULL);
     
    @@ -2835,7 +2835,7 @@ ExecGrant_Largeobject(InternalGrant *istmt)
     		this_privileges =
     			restrict_and_check_grant(istmt->is_grant, avail_goptions,
     									 istmt->all_privs, istmt->privileges,
    -									 loid, grantorId, ACL_KIND_LARGEOBJECT,
    +									 loid, grantorId, OBJECT_LARGEOBJECT,
     									 loname, 0, NULL);
     
     		/*
    @@ -2960,7 +2960,7 @@ ExecGrant_Namespace(InternalGrant *istmt)
     		this_privileges =
     			restrict_and_check_grant(istmt->is_grant, avail_goptions,
     									 istmt->all_privs, istmt->privileges,
    -									 nspid, grantorId, ACL_KIND_NAMESPACE,
    +									 nspid, grantorId, OBJECT_SCHEMA,
     									 NameStr(pg_namespace_tuple->nspname),
     									 0, NULL);
     
    @@ -3084,7 +3084,7 @@ ExecGrant_Tablespace(InternalGrant *istmt)
     		this_privileges =
     			restrict_and_check_grant(istmt->is_grant, avail_goptions,
     									 istmt->all_privs, istmt->privileges,
    -									 tblId, grantorId, ACL_KIND_TABLESPACE,
    +									 tblId, grantorId, OBJECT_TABLESPACE,
     									 NameStr(pg_tablespace_tuple->spcname),
     									 0, NULL);
     
    @@ -3218,7 +3218,7 @@ ExecGrant_Type(InternalGrant *istmt)
     		this_privileges =
     			restrict_and_check_grant(istmt->is_grant, avail_goptions,
     									 istmt->all_privs, istmt->privileges,
    -									 typId, grantorId, ACL_KIND_TYPE,
    +									 typId, grantorId, OBJECT_TYPE,
     									 NameStr(pg_type_tuple->typname),
     									 0, NULL);
     
    @@ -3347,114 +3347,8 @@ privilege_to_string(AclMode privilege)
      * Note: we do not double-quote the %s's below, because many callers
      * supply strings that might be already quoted.
      */
    -
    -static const char *const no_priv_msg[MAX_ACL_KIND] =
    -{
    -	/* ACL_KIND_COLUMN */
    -	gettext_noop("permission denied for column %s"),
    -	/* ACL_KIND_CLASS */
    -	gettext_noop("permission denied for relation %s"),
    -	/* ACL_KIND_SEQUENCE */
    -	gettext_noop("permission denied for sequence %s"),
    -	/* ACL_KIND_DATABASE */
    -	gettext_noop("permission denied for database %s"),
    -	/* ACL_KIND_PROC */
    -	gettext_noop("permission denied for function %s"),
    -	/* ACL_KIND_OPER */
    -	gettext_noop("permission denied for operator %s"),
    -	/* ACL_KIND_TYPE */
    -	gettext_noop("permission denied for type %s"),
    -	/* ACL_KIND_LANGUAGE */
    -	gettext_noop("permission denied for language %s"),
    -	/* ACL_KIND_LARGEOBJECT */
    -	gettext_noop("permission denied for large object %s"),
    -	/* ACL_KIND_NAMESPACE */
    -	gettext_noop("permission denied for schema %s"),
    -	/* ACL_KIND_OPCLASS */
    -	gettext_noop("permission denied for operator class %s"),
    -	/* ACL_KIND_OPFAMILY */
    -	gettext_noop("permission denied for operator family %s"),
    -	/* ACL_KIND_COLLATION */
    -	gettext_noop("permission denied for collation %s"),
    -	/* ACL_KIND_CONVERSION */
    -	gettext_noop("permission denied for conversion %s"),
    -	/* ACL_KIND_STATISTICS */
    -	gettext_noop("permission denied for statistics object %s"),
    -	/* ACL_KIND_TABLESPACE */
    -	gettext_noop("permission denied for tablespace %s"),
    -	/* ACL_KIND_TSDICTIONARY */
    -	gettext_noop("permission denied for text search dictionary %s"),
    -	/* ACL_KIND_TSCONFIGURATION */
    -	gettext_noop("permission denied for text search configuration %s"),
    -	/* ACL_KIND_FDW */
    -	gettext_noop("permission denied for foreign-data wrapper %s"),
    -	/* ACL_KIND_FOREIGN_SERVER */
    -	gettext_noop("permission denied for foreign server %s"),
    -	/* ACL_KIND_EVENT_TRIGGER */
    -	gettext_noop("permission denied for event trigger %s"),
    -	/* ACL_KIND_EXTENSION */
    -	gettext_noop("permission denied for extension %s"),
    -	/* ACL_KIND_PUBLICATION */
    -	gettext_noop("permission denied for publication %s"),
    -	/* ACL_KIND_SUBSCRIPTION */
    -	gettext_noop("permission denied for subscription %s"),
    -};
    -
    -static const char *const not_owner_msg[MAX_ACL_KIND] =
    -{
    -	/* ACL_KIND_COLUMN */
    -	gettext_noop("must be owner of relation %s"),
    -	/* ACL_KIND_CLASS */
    -	gettext_noop("must be owner of relation %s"),
    -	/* ACL_KIND_SEQUENCE */
    -	gettext_noop("must be owner of sequence %s"),
    -	/* ACL_KIND_DATABASE */
    -	gettext_noop("must be owner of database %s"),
    -	/* ACL_KIND_PROC */
    -	gettext_noop("must be owner of function %s"),
    -	/* ACL_KIND_OPER */
    -	gettext_noop("must be owner of operator %s"),
    -	/* ACL_KIND_TYPE */
    -	gettext_noop("must be owner of type %s"),
    -	/* ACL_KIND_LANGUAGE */
    -	gettext_noop("must be owner of language %s"),
    -	/* ACL_KIND_LARGEOBJECT */
    -	gettext_noop("must be owner of large object %s"),
    -	/* ACL_KIND_NAMESPACE */
    -	gettext_noop("must be owner of schema %s"),
    -	/* ACL_KIND_OPCLASS */
    -	gettext_noop("must be owner of operator class %s"),
    -	/* ACL_KIND_OPFAMILY */
    -	gettext_noop("must be owner of operator family %s"),
    -	/* ACL_KIND_COLLATION */
    -	gettext_noop("must be owner of collation %s"),
    -	/* ACL_KIND_CONVERSION */
    -	gettext_noop("must be owner of conversion %s"),
    -	/* ACL_KIND_STATISTICS */
    -	gettext_noop("must be owner of statistics object %s"),
    -	/* ACL_KIND_TABLESPACE */
    -	gettext_noop("must be owner of tablespace %s"),
    -	/* ACL_KIND_TSDICTIONARY */
    -	gettext_noop("must be owner of text search dictionary %s"),
    -	/* ACL_KIND_TSCONFIGURATION */
    -	gettext_noop("must be owner of text search configuration %s"),
    -	/* ACL_KIND_FDW */
    -	gettext_noop("must be owner of foreign-data wrapper %s"),
    -	/* ACL_KIND_FOREIGN_SERVER */
    -	gettext_noop("must be owner of foreign server %s"),
    -	/* ACL_KIND_EVENT_TRIGGER */
    -	gettext_noop("must be owner of event trigger %s"),
    -	/* ACL_KIND_EXTENSION */
    -	gettext_noop("must be owner of extension %s"),
    -	/* ACL_KIND_PUBLICATION */
    -	gettext_noop("must be owner of publication %s"),
    -	/* ACL_KIND_SUBSCRIPTION */
    -	gettext_noop("must be owner of subscription %s"),
    -};
    -
    -
     void
    -aclcheck_error(AclResult aclerr, AclObjectKind objectkind,
    +aclcheck_error(AclResult aclerr, ObjectType objtype,
     			   const char *objectname)
     {
     	switch (aclerr)
    @@ -3463,15 +3357,275 @@ aclcheck_error(AclResult aclerr, AclObjectKind objectkind,
     			/* no error, so return to caller */
     			break;
     		case ACLCHECK_NO_PRIV:
    -			ereport(ERROR,
    -					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
    -					 errmsg(no_priv_msg[objectkind], objectname)));
    -			break;
    +			{
    +				const char *msg;
    +
    +				switch (objtype)
    +				{
    +					case OBJECT_AGGREGATE:
    +						msg = gettext_noop("permission denied for aggregate %s");
    +						break;
    +					case OBJECT_COLLATION:
    +						msg = gettext_noop("permission denied for collation %s");
    +						break;
    +					case OBJECT_COLUMN:
    +						msg = gettext_noop("permission denied for column %s");
    +						break;
    +					case OBJECT_CONVERSION:
    +						msg = gettext_noop("permission denied for conversion %s");
    +						break;
    +					case OBJECT_DATABASE:
    +						msg = gettext_noop("permission denied for database %s");
    +						break;
    +					case OBJECT_DOMAIN:
    +						msg = gettext_noop("permission denied for domain %s");
    +						break;
    +					case OBJECT_EVENT_TRIGGER:
    +						msg = gettext_noop("permission denied for event trigger %s");
    +						break;
    +					case OBJECT_EXTENSION:
    +						msg = gettext_noop("permission denied for extension %s");
    +						break;
    +					case OBJECT_FDW:
    +						msg = gettext_noop("permission denied for foreign-data wrapper %s");
    +						break;
    +					case OBJECT_FOREIGN_SERVER:
    +						msg = gettext_noop("permission denied for foreign server %s");
    +						break;
    +					case OBJECT_FOREIGN_TABLE:
    +						msg = gettext_noop("permission denied for foreign table %s");
    +						break;
    +					case OBJECT_FUNCTION:
    +						msg = gettext_noop("permission denied for function %s");
    +						break;
    +					case OBJECT_INDEX:
    +						msg = gettext_noop("permission denied for index %s");
    +						break;
    +					case OBJECT_LANGUAGE:
    +						msg = gettext_noop("permission denied for language %s");
    +						break;
    +					case OBJECT_LARGEOBJECT:
    +						msg = gettext_noop("permission denied for large object %s");
    +						break;
    +					case OBJECT_MATVIEW:
    +						msg = gettext_noop("permission denied for materialized view %s");
    +						break;
    +					case OBJECT_OPCLASS:
    +						msg = gettext_noop("permission denied for operator class %s");
    +						break;
    +					case OBJECT_OPERATOR:
    +						msg = gettext_noop("permission denied for operator %s");
    +						break;
    +					case OBJECT_OPFAMILY:
    +						msg = gettext_noop("permission denied for operator family %s");
    +						break;
    +					case OBJECT_POLICY:
    +						msg = gettext_noop("permission denied for policy %s");
    +						break;
    +					case OBJECT_PROCEDURE:
    +						msg = gettext_noop("permission denied for procedure %s");
    +						break;
    +					case OBJECT_PUBLICATION:
    +						msg = gettext_noop("permission denied for publication %s");
    +						break;
    +					case OBJECT_RELATION:
    +						msg = gettext_noop("permission denied for relation %s");
    +						break;
    +					case OBJECT_ROUTINE:
    +						msg = gettext_noop("permission denied for routine %s");
    +						break;
    +					case OBJECT_SCHEMA:
    +						msg = gettext_noop("permission denied for schema %s");
    +						break;
    +					case OBJECT_SEQUENCE:
    +						msg = gettext_noop("permission denied for sequence %s");
    +						break;
    +					case OBJECT_STATISTIC_EXT:
    +						msg = gettext_noop("permission denied for statistics object %s");
    +						break;
    +					case OBJECT_SUBSCRIPTION:
    +						msg = gettext_noop("permission denied for subscription %s");
    +						break;
    +					case OBJECT_TABLE:
    +						msg = gettext_noop("permission denied for table %s");
    +						break;
    +					case OBJECT_TABLESPACE:
    +						msg = gettext_noop("permission denied for tablespace %s");
    +						break;
    +					case OBJECT_TSCONFIGURATION:
    +						msg = gettext_noop("permission denied for text search configuration %s");
    +						break;
    +					case OBJECT_TSDICTIONARY:
    +						msg = gettext_noop("permission denied for text search dictionary %s");
    +						break;
    +					case OBJECT_TYPE:
    +						msg = gettext_noop("permission denied for type %s");
    +						break;
    +					case OBJECT_VIEW:
    +						msg = gettext_noop("permission denied for view %s");
    +						break;
    +					/* these currently aren't used */
    +					case OBJECT_ACCESS_METHOD:
    +					case OBJECT_AMOP:
    +					case OBJECT_AMPROC:
    +					case OBJECT_ATTRIBUTE:
    +					case OBJECT_CAST:
    +					case OBJECT_DEFAULT:
    +					case OBJECT_DEFACL:
    +					case OBJECT_DOMCONSTRAINT:
    +					case OBJECT_PUBLICATION_REL:
    +					case OBJECT_ROLE:
    +					case OBJECT_RULE:
    +					case OBJECT_TABCONSTRAINT:
    +					case OBJECT_TRANSFORM:
    +					case OBJECT_TRIGGER:
    +					case OBJECT_TSPARSER:
    +					case OBJECT_TSTEMPLATE:
    +					case OBJECT_USER_MAPPING:
    +						elog(ERROR, "unsupported object type %d", objtype);
    +						msg = "???";
    +				}
    +
    +				ereport(ERROR,
    +						(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
    +						 errmsg(msg, objectname)));
    +				break;
    +			}
     		case ACLCHECK_NOT_OWNER:
    -			ereport(ERROR,
    -					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
    -					 errmsg(not_owner_msg[objectkind], objectname)));
    -			break;
    +			{
    +				const char *msg;
    +
    +				switch (objtype)
    +				{
    +					case OBJECT_AGGREGATE:
    +						msg = gettext_noop("must be owner of aggregate %s");
    +						break;
    +					case OBJECT_COLLATION:
    +						msg = gettext_noop("must be owner of collation %s");
    +						break;
    +					case OBJECT_COLUMN:
    +						msg = gettext_noop("must be owner of relation %s");
    +						break;
    +					case OBJECT_CONVERSION:
    +						msg = gettext_noop("must be owner of conversion %s");
    +						break;
    +					case OBJECT_DATABASE:
    +						msg = gettext_noop("must be owner of database %s");
    +						break;
    +					case OBJECT_DOMAIN:
    +						msg = gettext_noop("must be owner of domain %s");
    +						break;
    +					case OBJECT_EVENT_TRIGGER:
    +						msg = gettext_noop("must be owner of event trigger %s");
    +						break;
    +					case OBJECT_EXTENSION:
    +						msg = gettext_noop("must be owner of extension %s");
    +						break;
    +					case OBJECT_FDW:
    +						msg = gettext_noop("must be owner of foreign-data wrapper %s");
    +						break;
    +					case OBJECT_FOREIGN_SERVER:
    +						msg = gettext_noop("must be owner of foreign server %s");
    +						break;
    +					case OBJECT_FOREIGN_TABLE:
    +						msg = gettext_noop("must be owner of foreign table %s");
    +						break;
    +					case OBJECT_FUNCTION:
    +						msg = gettext_noop("must be owner of function %s");
    +						break;
    +					case OBJECT_INDEX:
    +						msg = gettext_noop("must be owner of index %s");
    +						break;
    +					case OBJECT_LANGUAGE:
    +						msg = gettext_noop("must be owner of language %s");
    +						break;
    +					case OBJECT_LARGEOBJECT:
    +						msg = gettext_noop("must be owner of large object %s");
    +						break;
    +					case OBJECT_MATVIEW:
    +						msg = gettext_noop("must be owner of materialized view %s");
    +						break;
    +					case OBJECT_OPCLASS:
    +						msg = gettext_noop("must be owner of operator class %s");
    +						break;
    +					case OBJECT_OPERATOR:
    +						msg = gettext_noop("must be owner of operator %s");
    +						break;
    +					case OBJECT_OPFAMILY:
    +						msg = gettext_noop("must be owner of operator family %s");
    +						break;
    +					case OBJECT_POLICY:
    +						msg = gettext_noop("must be owner of relation %s");
    +						break;
    +					case OBJECT_PROCEDURE:
    +						msg = gettext_noop("must be owner of procedure %s");
    +						break;
    +					case OBJECT_PUBLICATION:
    +						msg = gettext_noop("must be owner of publication %s");
    +						break;
    +					case OBJECT_RELATION:
    +						msg = gettext_noop("must be owner of relation %s");
    +						break;
    +					case OBJECT_ROUTINE:
    +						msg = gettext_noop("must be owner of routine %s");
    +						break;
    +					case OBJECT_SEQUENCE:
    +						msg = gettext_noop("must be owner of sequence %s");
    +						break;
    +					case OBJECT_SUBSCRIPTION:
    +						msg = gettext_noop("must be owner of subscription %s");
    +						break;
    +					case OBJECT_TABLE:
    +						msg = gettext_noop("must be owner of table %s");
    +						break;
    +					case OBJECT_TYPE:
    +						msg = gettext_noop("must be owner of type %s");
    +						break;
    +					case OBJECT_VIEW:
    +						msg = gettext_noop("must be owner of view %s");
    +						break;
    +					case OBJECT_SCHEMA:
    +						msg = gettext_noop("must be owner of schema %s");
    +						break;
    +					case OBJECT_STATISTIC_EXT:
    +						msg = gettext_noop("must be owner of statistics object %s");
    +						break;
    +					case OBJECT_TABLESPACE:
    +						msg = gettext_noop("must be owner of tablespace %s");
    +						break;
    +					case OBJECT_TSCONFIGURATION:
    +						msg = gettext_noop("must be owner of text search configuration %s");
    +						break;
    +					case OBJECT_TSDICTIONARY:
    +						msg = gettext_noop("must be owner of text search dictionary %s");
    +						break;
    +					/* these currently aren't used */
    +					case OBJECT_ACCESS_METHOD:
    +					case OBJECT_AMOP:
    +					case OBJECT_AMPROC:
    +					case OBJECT_ATTRIBUTE:
    +					case OBJECT_CAST:
    +					case OBJECT_DEFAULT:
    +					case OBJECT_DEFACL:
    +					case OBJECT_DOMCONSTRAINT:
    +					case OBJECT_PUBLICATION_REL:
    +					case OBJECT_ROLE:
    +					case OBJECT_RULE:
    +					case OBJECT_TABCONSTRAINT:
    +					case OBJECT_TRANSFORM:
    +					case OBJECT_TRIGGER:
    +					case OBJECT_TSPARSER:
    +					case OBJECT_TSTEMPLATE:
    +					case OBJECT_USER_MAPPING:
    +						elog(ERROR, "unsupported object type %d", objtype);
    +						msg = "???";
    +				}
    +
    +				ereport(ERROR,
    +						(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
    +						 errmsg(msg, objectname)));
    +				break;
    +			}
     		default:
     			elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
     			break;
    @@ -3480,7 +3634,7 @@ aclcheck_error(AclResult aclerr, AclObjectKind objectkind,
     
     
     void
    -aclcheck_error_col(AclResult aclerr, AclObjectKind objectkind,
    +aclcheck_error_col(AclResult aclerr, ObjectType objtype,
     				   const char *objectname, const char *colname)
     {
     	switch (aclerr)
    @@ -3496,9 +3650,7 @@ aclcheck_error_col(AclResult aclerr, AclObjectKind objectkind,
     			break;
     		case ACLCHECK_NOT_OWNER:
     			/* relation msg is OK since columns don't have separate owners */
    -			ereport(ERROR,
    -					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
    -					 errmsg(not_owner_msg[objectkind], objectname)));
    +			aclcheck_error(aclerr, objtype, objectname);
     			break;
     		default:
     			elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
    @@ -3516,7 +3668,7 @@ aclcheck_error_type(AclResult aclerr, Oid typeOid)
     {
     	Oid			element_type = get_element_type(typeOid);
     
    -	aclcheck_error(aclerr, ACL_KIND_TYPE, format_type_be(element_type ? element_type : typeOid));
    +	aclcheck_error(aclerr, OBJECT_TYPE, format_type_be(element_type ? element_type : typeOid));
     }
     
     
    @@ -3524,48 +3676,48 @@ aclcheck_error_type(AclResult aclerr, Oid typeOid)
      * Relay for the various pg_*_mask routines depending on object kind
      */
     static AclMode
    -pg_aclmask(AclObjectKind objkind, Oid table_oid, AttrNumber attnum, Oid roleid,
    +pg_aclmask(ObjectType objtype, Oid table_oid, AttrNumber attnum, Oid roleid,
     		   AclMode mask, AclMaskHow how)
     {
    -	switch (objkind)
    +	switch (objtype)
     	{
    -		case ACL_KIND_COLUMN:
    +		case OBJECT_COLUMN:
     			return
     				pg_class_aclmask(table_oid, roleid, mask, how) |
     				pg_attribute_aclmask(table_oid, attnum, roleid, mask, how);
    -		case ACL_KIND_CLASS:
    -		case ACL_KIND_SEQUENCE:
    +		case OBJECT_RELATION:
    +		case OBJECT_SEQUENCE:
     			return pg_class_aclmask(table_oid, roleid, mask, how);
    -		case ACL_KIND_DATABASE:
    +		case OBJECT_DATABASE:
     			return pg_database_aclmask(table_oid, roleid, mask, how);
    -		case ACL_KIND_PROC:
    +		case OBJECT_FUNCTION:
     			return pg_proc_aclmask(table_oid, roleid, mask, how);
    -		case ACL_KIND_LANGUAGE:
    +		case OBJECT_LANGUAGE:
     			return pg_language_aclmask(table_oid, roleid, mask, how);
    -		case ACL_KIND_LARGEOBJECT:
    +		case OBJECT_LARGEOBJECT:
     			return pg_largeobject_aclmask_snapshot(table_oid, roleid,
     												   mask, how, NULL);
    -		case ACL_KIND_NAMESPACE:
    +		case OBJECT_SCHEMA:
     			return pg_namespace_aclmask(table_oid, roleid, mask, how);
    -		case ACL_KIND_STATISTICS:
    +		case OBJECT_STATISTIC_EXT:
     			elog(ERROR, "grantable rights not supported for statistics objects");
     			/* not reached, but keep compiler quiet */
     			return ACL_NO_RIGHTS;
    -		case ACL_KIND_TABLESPACE:
    +		case OBJECT_TABLESPACE:
     			return pg_tablespace_aclmask(table_oid, roleid, mask, how);
    -		case ACL_KIND_FDW:
    +		case OBJECT_FDW:
     			return pg_foreign_data_wrapper_aclmask(table_oid, roleid, mask, how);
    -		case ACL_KIND_FOREIGN_SERVER:
    +		case OBJECT_FOREIGN_SERVER:
     			return pg_foreign_server_aclmask(table_oid, roleid, mask, how);
    -		case ACL_KIND_EVENT_TRIGGER:
    +		case OBJECT_EVENT_TRIGGER:
     			elog(ERROR, "grantable rights not supported for event triggers");
     			/* not reached, but keep compiler quiet */
     			return ACL_NO_RIGHTS;
    -		case ACL_KIND_TYPE:
    +		case OBJECT_TYPE:
     			return pg_type_aclmask(table_oid, roleid, mask, how);
     		default:
    -			elog(ERROR, "unrecognized objkind: %d",
    -				 (int) objkind);
    +			elog(ERROR, "unrecognized objtype: %d",
    +				 (int) objtype);
     			/* not reached, but keep compiler quiet */
     			return ACL_NO_RIGHTS;
     	}
    diff --git a/src/backend/catalog/namespace.c b/src/backend/catalog/namespace.c
    index 0a2fb1b93a..89edaf1b7d 100644
    --- a/src/backend/catalog/namespace.c
    +++ b/src/backend/catalog/namespace.c
    @@ -560,7 +560,7 @@ RangeVarGetAndCheckCreationNamespace(RangeVar *relation,
     		/* Check namespace permissions. */
     		aclresult = pg_namespace_aclcheck(nspid, GetUserId(), ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +			aclcheck_error(aclresult, OBJECT_SCHEMA,
     						   get_namespace_name(nspid));
     
     		if (retry)
    @@ -585,7 +585,7 @@ RangeVarGetAndCheckCreationNamespace(RangeVar *relation,
     		if (lockmode != NoLock && OidIsValid(relid))
     		{
     			if (!pg_class_ownercheck(relid, GetUserId()))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     							   relation->relname);
     			if (relid != oldrelid)
     				LockRelationOid(relid, lockmode);
    @@ -2874,7 +2874,7 @@ LookupExplicitNamespace(const char *nspname, bool missing_ok)
     
     	aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ACL_USAGE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   nspname);
     	/* Schema search hook for this lookup */
     	InvokeNamespaceSearchHook(namespaceId, true);
    @@ -2911,7 +2911,7 @@ LookupCreationNamespace(const char *nspname)
     
     	aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   nspname);
     
     	return namespaceId;
    diff --git a/src/backend/catalog/objectaddress.c b/src/backend/catalog/objectaddress.c
    index 0df9c9eac1..5cf0b11d5e 100644
    --- a/src/backend/catalog/objectaddress.c
    +++ b/src/backend/catalog/objectaddress.c
    @@ -104,7 +104,7 @@ typedef struct
     	AttrNumber	attnum_namespace;	/* attnum of namespace field */
     	AttrNumber	attnum_owner;	/* attnum of owner field */
     	AttrNumber	attnum_acl;		/* attnum of acl field */
    -	AclObjectKind acl_kind;		/* ACL_KIND_* of this object type */
    +	ObjectType	objtype;		/* OBJECT_* of this object type */
     	bool		is_nsp_name_unique; /* can the nsp/name combination (or name
     									 * alone, if there's no namespace) be
     									 * considered a unique identifier for an
    @@ -146,7 +146,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		Anum_pg_collation_collnamespace,
     		Anum_pg_collation_collowner,
     		InvalidAttrNumber,
    -		ACL_KIND_COLLATION,
    +		OBJECT_COLLATION,
     		true
     	},
     	{
    @@ -170,7 +170,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		Anum_pg_conversion_connamespace,
     		Anum_pg_conversion_conowner,
     		InvalidAttrNumber,
    -		ACL_KIND_CONVERSION,
    +		OBJECT_CONVERSION,
     		true
     	},
     	{
    @@ -182,7 +182,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		InvalidAttrNumber,
     		Anum_pg_database_datdba,
     		Anum_pg_database_datacl,
    -		ACL_KIND_DATABASE,
    +		OBJECT_DATABASE,
     		true
     	},
     	{
    @@ -194,7 +194,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		InvalidAttrNumber,		/* extension doesn't belong to extnamespace */
     		Anum_pg_extension_extowner,
     		InvalidAttrNumber,
    -		ACL_KIND_EXTENSION,
    +		OBJECT_EXTENSION,
     		true
     	},
     	{
    @@ -206,7 +206,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		InvalidAttrNumber,
     		Anum_pg_foreign_data_wrapper_fdwowner,
     		Anum_pg_foreign_data_wrapper_fdwacl,
    -		ACL_KIND_FDW,
    +		OBJECT_FDW,
     		true
     	},
     	{
    @@ -218,7 +218,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		InvalidAttrNumber,
     		Anum_pg_foreign_server_srvowner,
     		Anum_pg_foreign_server_srvacl,
    -		ACL_KIND_FOREIGN_SERVER,
    +		OBJECT_FOREIGN_SERVER,
     		true
     	},
     	{
    @@ -230,7 +230,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		Anum_pg_proc_pronamespace,
     		Anum_pg_proc_proowner,
     		Anum_pg_proc_proacl,
    -		ACL_KIND_PROC,
    +		OBJECT_FUNCTION,
     		false
     	},
     	{
    @@ -242,7 +242,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		InvalidAttrNumber,
     		Anum_pg_language_lanowner,
     		Anum_pg_language_lanacl,
    -		ACL_KIND_LANGUAGE,
    +		OBJECT_LANGUAGE,
     		true
     	},
     	{
    @@ -254,7 +254,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		InvalidAttrNumber,
     		Anum_pg_largeobject_metadata_lomowner,
     		Anum_pg_largeobject_metadata_lomacl,
    -		ACL_KIND_LARGEOBJECT,
    +		OBJECT_LARGEOBJECT,
     		false
     	},
     	{
    @@ -266,7 +266,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		Anum_pg_opclass_opcnamespace,
     		Anum_pg_opclass_opcowner,
     		InvalidAttrNumber,
    -		ACL_KIND_OPCLASS,
    +		OBJECT_OPCLASS,
     		true
     	},
     	{
    @@ -278,7 +278,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		Anum_pg_operator_oprnamespace,
     		Anum_pg_operator_oprowner,
     		InvalidAttrNumber,
    -		ACL_KIND_OPER,
    +		OBJECT_OPERATOR,
     		false
     	},
     	{
    @@ -290,7 +290,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		Anum_pg_opfamily_opfnamespace,
     		Anum_pg_opfamily_opfowner,
     		InvalidAttrNumber,
    -		ACL_KIND_OPFAMILY,
    +		OBJECT_OPFAMILY,
     		true
     	},
     	{
    @@ -326,7 +326,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		InvalidAttrNumber,
     		Anum_pg_namespace_nspowner,
     		Anum_pg_namespace_nspacl,
    -		ACL_KIND_NAMESPACE,
    +		OBJECT_SCHEMA,
     		true
     	},
     	{
    @@ -338,7 +338,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		Anum_pg_class_relnamespace,
     		Anum_pg_class_relowner,
     		Anum_pg_class_relacl,
    -		ACL_KIND_CLASS,
    +		OBJECT_RELATION,
     		true
     	},
     	{
    @@ -350,7 +350,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		InvalidAttrNumber,
     		Anum_pg_tablespace_spcowner,
     		Anum_pg_tablespace_spcacl,
    -		ACL_KIND_TABLESPACE,
    +		OBJECT_TABLESPACE,
     		true
     	},
     	{
    @@ -392,7 +392,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		InvalidAttrNumber,
     		Anum_pg_event_trigger_evtowner,
     		InvalidAttrNumber,
    -		ACL_KIND_EVENT_TRIGGER,
    +		OBJECT_EVENT_TRIGGER,
     		true
     	},
     	{
    @@ -404,7 +404,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		Anum_pg_ts_config_cfgnamespace,
     		Anum_pg_ts_config_cfgowner,
     		InvalidAttrNumber,
    -		ACL_KIND_TSCONFIGURATION,
    +		OBJECT_TSCONFIGURATION,
     		true
     	},
     	{
    @@ -416,7 +416,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		Anum_pg_ts_dict_dictnamespace,
     		Anum_pg_ts_dict_dictowner,
     		InvalidAttrNumber,
    -		ACL_KIND_TSDICTIONARY,
    +		OBJECT_TSDICTIONARY,
     		true
     	},
     	{
    @@ -452,7 +452,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		Anum_pg_type_typnamespace,
     		Anum_pg_type_typowner,
     		Anum_pg_type_typacl,
    -		ACL_KIND_TYPE,
    +		OBJECT_TYPE,
     		true
     	},
     	{
    @@ -464,7 +464,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		InvalidAttrNumber,
     		Anum_pg_publication_pubowner,
     		InvalidAttrNumber,
    -		ACL_KIND_PUBLICATION,
    +		OBJECT_PUBLICATION,
     		true
     	},
     	{
    @@ -476,7 +476,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		InvalidAttrNumber,
     		Anum_pg_subscription_subowner,
     		InvalidAttrNumber,
    -		ACL_KIND_SUBSCRIPTION,
    +		OBJECT_SUBSCRIPTION,
     		true
     	},
     	{
    @@ -488,7 +488,7 @@ static const ObjectPropertyType ObjectProperty[] =
     		Anum_pg_statistic_ext_stxnamespace,
     		Anum_pg_statistic_ext_stxowner,
     		InvalidAttrNumber,		/* no ACL (same as relation) */
    -		ACL_KIND_STATISTICS,
    +		OBJECT_STATISTIC_EXT,
     		true
     	}
     };
    @@ -2242,12 +2242,12 @@ check_object_ownership(Oid roleid, ObjectType objtype, ObjectAddress address,
     		case OBJECT_POLICY:
     		case OBJECT_TABCONSTRAINT:
     			if (!pg_class_ownercheck(RelationGetRelid(relation), roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   RelationGetRelationName(relation));
     			break;
     		case OBJECT_DATABASE:
     			if (!pg_database_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   strVal((Value *) object));
     			break;
     		case OBJECT_TYPE:
    @@ -2262,62 +2262,62 @@ check_object_ownership(Oid roleid, ObjectType objtype, ObjectAddress address,
     		case OBJECT_PROCEDURE:
     		case OBJECT_ROUTINE:
     			if (!pg_proc_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   NameListToString((castNode(ObjectWithArgs, object))->objname));
     			break;
     		case OBJECT_OPERATOR:
     			if (!pg_oper_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   NameListToString((castNode(ObjectWithArgs, object))->objname));
     			break;
     		case OBJECT_SCHEMA:
     			if (!pg_namespace_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_NAMESPACE,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   strVal((Value *) object));
     			break;
     		case OBJECT_COLLATION:
     			if (!pg_collation_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_COLLATION,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   NameListToString(castNode(List, object)));
     			break;
     		case OBJECT_CONVERSION:
     			if (!pg_conversion_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CONVERSION,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   NameListToString(castNode(List, object)));
     			break;
     		case OBJECT_EXTENSION:
     			if (!pg_extension_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EXTENSION,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   strVal((Value *) object));
     			break;
     		case OBJECT_FDW:
     			if (!pg_foreign_data_wrapper_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_FDW,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   strVal((Value *) object));
     			break;
     		case OBJECT_FOREIGN_SERVER:
     			if (!pg_foreign_server_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_FOREIGN_SERVER,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   strVal((Value *) object));
     			break;
     		case OBJECT_EVENT_TRIGGER:
     			if (!pg_event_trigger_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EVENT_TRIGGER,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   strVal((Value *) object));
     			break;
     		case OBJECT_LANGUAGE:
     			if (!pg_language_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_LANGUAGE,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   strVal((Value *) object));
     			break;
     		case OBJECT_OPCLASS:
     			if (!pg_opclass_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPCLASS,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   NameListToString(castNode(List, object)));
     			break;
     		case OBJECT_OPFAMILY:
     			if (!pg_opfamily_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPFAMILY,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   NameListToString(castNode(List, object)));
     			break;
     		case OBJECT_LARGEOBJECT:
    @@ -2347,12 +2347,12 @@ check_object_ownership(Oid roleid, ObjectType objtype, ObjectAddress address,
     			break;
     		case OBJECT_PUBLICATION:
     			if (!pg_publication_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PUBLICATION,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   strVal((Value *) object));
     			break;
     		case OBJECT_SUBSCRIPTION:
     			if (!pg_subscription_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_SUBSCRIPTION,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   strVal((Value *) object));
     			break;
     		case OBJECT_TRANSFORM:
    @@ -2366,17 +2366,17 @@ check_object_ownership(Oid roleid, ObjectType objtype, ObjectAddress address,
     			break;
     		case OBJECT_TABLESPACE:
     			if (!pg_tablespace_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TABLESPACE,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   strVal((Value *) object));
     			break;
     		case OBJECT_TSDICTIONARY:
     			if (!pg_ts_dict_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TSDICTIONARY,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   NameListToString(castNode(List, object)));
     			break;
     		case OBJECT_TSCONFIGURATION:
     			if (!pg_ts_config_ownercheck(address.objectId, roleid))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TSCONFIGURATION,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     							   NameListToString(castNode(List, object)));
     			break;
     		case OBJECT_ROLE:
    @@ -2540,12 +2540,12 @@ get_object_attnum_acl(Oid class_id)
     	return prop->attnum_acl;
     }
     
    -AclObjectKind
    -get_object_aclkind(Oid class_id)
    +ObjectType
    +get_object_type(Oid class_id)
     {
     	const ObjectPropertyType *prop = get_object_property_data(class_id);
     
    -	return prop->acl_kind;
    +	return prop->objtype;
     }
     
     bool
    diff --git a/src/backend/catalog/pg_aggregate.c b/src/backend/catalog/pg_aggregate.c
    index ca3fd819b4..603ef8aecf 100644
    --- a/src/backend/catalog/pg_aggregate.c
    +++ b/src/backend/catalog/pg_aggregate.c
    @@ -865,7 +865,7 @@ lookup_agg_function(List *fnName,
     	/* Check aggregate creator has permission to call the function */
     	aclresult = pg_proc_aclcheck(fnOid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(fnOid));
    +		aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(fnOid));
     
     	return fnOid;
     }
    diff --git a/src/backend/catalog/pg_operator.c b/src/backend/catalog/pg_operator.c
    index 61093dc473..75582df4aa 100644
    --- a/src/backend/catalog/pg_operator.c
    +++ b/src/backend/catalog/pg_operator.c
    @@ -425,7 +425,7 @@ OperatorCreate(const char *operatorName,
     	 */
     	if (OidIsValid(operatorObjectId) &&
     		!pg_oper_ownercheck(operatorObjectId, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_OPERATOR,
     					   operatorName);
     
     	/*
    @@ -445,7 +445,7 @@ OperatorCreate(const char *operatorName,
     		/* Permission check: must own other operator */
     		if (OidIsValid(commutatorId) &&
     			!pg_oper_ownercheck(commutatorId, GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_OPERATOR,
     						   NameListToString(commutatorName));
     
     		/*
    @@ -470,7 +470,7 @@ OperatorCreate(const char *operatorName,
     		/* Permission check: must own other operator */
     		if (OidIsValid(negatorId) &&
     			!pg_oper_ownercheck(negatorId, GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_OPERATOR,
     						   NameListToString(negatorName));
     	}
     	else
    @@ -618,7 +618,7 @@ get_other_operator(List *otherOp, Oid otherLeftTypeId, Oid otherRightTypeId,
     	aclresult = pg_namespace_aclcheck(otherNamespace, GetUserId(),
     									  ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(otherNamespace));
     
     	other_oid = OperatorShellMake(otherName,
    diff --git a/src/backend/catalog/pg_proc.c b/src/backend/catalog/pg_proc.c
    index 2f3912b0e7..a2db360dc1 100644
    --- a/src/backend/catalog/pg_proc.c
    +++ b/src/backend/catalog/pg_proc.c
    @@ -400,7 +400,7 @@ ProcedureCreate(const char *procedureName,
     					 errmsg("function \"%s\" already exists with same argument types",
     							procedureName)));
     		if (!pg_proc_ownercheck(HeapTupleGetOid(oldtup), proowner))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
     						   procedureName);
     
     		/*
    diff --git a/src/backend/catalog/pg_type.c b/src/backend/catalog/pg_type.c
    index e1c6a3602d..ef56642575 100644
    --- a/src/backend/catalog/pg_type.c
    +++ b/src/backend/catalog/pg_type.c
    @@ -413,7 +413,7 @@ TypeCreate(Oid newTypeOid,
     		 * shell type must have been created by same owner
     		 */
     		if (((Form_pg_type) GETSTRUCT(tup))->typowner != ownerId)
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TYPE, typeName);
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_TYPE, typeName);
     
     		/* trouble if caller wanted to force the OID */
     		if (OidIsValid(newTypeOid))
    diff --git a/src/backend/commands/aggregatecmds.c b/src/backend/commands/aggregatecmds.c
    index 2e2ee883e2..051dc6621c 100644
    --- a/src/backend/commands/aggregatecmds.c
    +++ b/src/backend/commands/aggregatecmds.c
    @@ -103,7 +103,7 @@ DefineAggregate(ParseState *pstate, List *name, List *args, bool oldstyle, List
     	/* Check we have creation rights in target namespace */
     	aclresult = pg_namespace_aclcheck(aggNamespace, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(aggNamespace));
     
     	/* Deconstruct the output of the aggr_args grammar production */
    diff --git a/src/backend/commands/alter.c b/src/backend/commands/alter.c
    index 21e3f1efe1..fa9d47296a 100644
    --- a/src/backend/commands/alter.c
    +++ b/src/backend/commands/alter.c
    @@ -171,7 +171,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
     	AttrNumber	Anum_name = get_object_attnum_name(classId);
     	AttrNumber	Anum_namespace = get_object_attnum_namespace(classId);
     	AttrNumber	Anum_owner = get_object_attnum_owner(classId);
    -	AclObjectKind acl_kind = get_object_aclkind(classId);
    +	ObjectType	objtype = get_object_type(classId);
     	HeapTuple	oldtup;
     	HeapTuple	newtup;
     	Datum		datum;
    @@ -223,7 +223,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
     		ownerId = DatumGetObjectId(datum);
     
     		if (!has_privs_of_role(GetUserId(), DatumGetObjectId(ownerId)))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, acl_kind, old_name);
    +			aclcheck_error(ACLCHECK_NOT_OWNER, objtype, old_name);
     
     		/* User must have CREATE privilege on the namespace */
     		if (OidIsValid(namespaceId))
    @@ -231,7 +231,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
     			aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
     											  ACL_CREATE);
     			if (aclresult != ACLCHECK_OK)
    -				aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +				aclcheck_error(aclresult, OBJECT_SCHEMA,
     							   get_namespace_name(namespaceId));
     		}
     	}
    @@ -663,7 +663,7 @@ AlterObjectNamespace_internal(Relation rel, Oid objid, Oid nspOid)
     	AttrNumber	Anum_name = get_object_attnum_name(classId);
     	AttrNumber	Anum_namespace = get_object_attnum_namespace(classId);
     	AttrNumber	Anum_owner = get_object_attnum_owner(classId);
    -	AclObjectKind acl_kind = get_object_aclkind(classId);
    +	ObjectType	objtype = get_object_type(classId);
     	Oid			oldNspOid;
     	Datum		name,
     				namespace;
    @@ -719,13 +719,13 @@ AlterObjectNamespace_internal(Relation rel, Oid objid, Oid nspOid)
     		ownerId = DatumGetObjectId(owner);
     
     		if (!has_privs_of_role(GetUserId(), ownerId))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, acl_kind,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, objtype,
     						   NameStr(*(DatumGetName(name))));
     
     		/* User must have CREATE privilege on new namespace */
     		aclresult = pg_namespace_aclcheck(nspOid, GetUserId(), ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +			aclcheck_error(aclresult, OBJECT_SCHEMA,
     						   get_namespace_name(nspOid));
     	}
     
    @@ -942,7 +942,7 @@ AlterObjectOwner_internal(Relation rel, Oid objectId, Oid new_ownerId)
     		/* Superusers can bypass permission checks */
     		if (!superuser())
     		{
    -			AclObjectKind aclkind = get_object_aclkind(classId);
    +			ObjectType objtype = get_object_type(classId);
     
     			/* must be owner */
     			if (!has_privs_of_role(GetUserId(), old_ownerId))
    @@ -963,7 +963,7 @@ AlterObjectOwner_internal(Relation rel, Oid objectId, Oid new_ownerId)
     							 HeapTupleGetOid(oldtup));
     					objname = namebuf;
     				}
    -				aclcheck_error(ACLCHECK_NOT_OWNER, aclkind, objname);
    +				aclcheck_error(ACLCHECK_NOT_OWNER, objtype, objname);
     			}
     			/* Must be able to become new owner */
     			check_is_member_of_role(GetUserId(), new_ownerId);
    @@ -976,7 +976,7 @@ AlterObjectOwner_internal(Relation rel, Oid objectId, Oid new_ownerId)
     				aclresult = pg_namespace_aclcheck(namespaceId, new_ownerId,
     												  ACL_CREATE);
     				if (aclresult != ACLCHECK_OK)
    -					aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +					aclcheck_error(aclresult, OBJECT_SCHEMA,
     								   get_namespace_name(namespaceId));
     			}
     		}
    diff --git a/src/backend/commands/collationcmds.c b/src/backend/commands/collationcmds.c
    index 9437731276..09a3beca8f 100644
    --- a/src/backend/commands/collationcmds.c
    +++ b/src/backend/commands/collationcmds.c
    @@ -74,7 +74,7 @@ DefineCollation(ParseState *pstate, List *names, List *parameters, bool if_not_e
     
     	aclresult = pg_namespace_aclcheck(collNamespace, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(collNamespace));
     
     	foreach(pl, parameters)
    @@ -278,7 +278,7 @@ AlterCollation(AlterCollationStmt *stmt)
     	collOid = get_collation_oid(stmt->collname, false);
     
     	if (!pg_collation_ownercheck(collOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_COLLATION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_COLLATION,
     					   NameListToString(stmt->collname));
     
     	tup = SearchSysCacheCopy1(COLLOID, ObjectIdGetDatum(collOid));
    diff --git a/src/backend/commands/conversioncmds.c b/src/backend/commands/conversioncmds.c
    index 9861d3df22..6a8bcd39a9 100644
    --- a/src/backend/commands/conversioncmds.c
    +++ b/src/backend/commands/conversioncmds.c
    @@ -55,7 +55,7 @@ CreateConversionCommand(CreateConversionStmt *stmt)
     	/* Check we have creation rights in target namespace */
     	aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(namespaceId));
     
     	/* Check the encoding names */
    @@ -90,7 +90,7 @@ CreateConversionCommand(CreateConversionStmt *stmt)
     	/* Check we have EXECUTE rights for the function */
     	aclresult = pg_proc_aclcheck(funcoid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC,
    +		aclcheck_error(aclresult, OBJECT_FUNCTION,
     					   NameListToString(func_name));
     
     	/*
    diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c
    index eb1a4695c0..b06374d451 100644
    --- a/src/backend/commands/dbcommands.c
    +++ b/src/backend/commands/dbcommands.c
    @@ -422,7 +422,7 @@ createdb(ParseState *pstate, const CreatedbStmt *stmt)
     		aclresult = pg_tablespace_aclcheck(dst_deftablespace, GetUserId(),
     										   ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
    +			aclcheck_error(aclresult, OBJECT_TABLESPACE,
     						   tablespacename);
     
     		/* pg_global must never be the default tablespace */
    @@ -822,7 +822,7 @@ dropdb(const char *dbname, bool missing_ok)
     	 * Permission checks
     	 */
     	if (!pg_database_ownercheck(db_id, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
     					   dbname);
     
     	/* DROP hook for the database being removed */
    @@ -997,7 +997,7 @@ RenameDatabase(const char *oldname, const char *newname)
     
     	/* must be owner */
     	if (!pg_database_ownercheck(db_id, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
     					   oldname);
     
     	/* must have createdb rights */
    @@ -1112,7 +1112,7 @@ movedb(const char *dbname, const char *tblspcname)
     	 * Permission checks
     	 */
     	if (!pg_database_ownercheck(db_id, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
     					   dbname);
     
     	/*
    @@ -1134,7 +1134,7 @@ movedb(const char *dbname, const char *tblspcname)
     	aclresult = pg_tablespace_aclcheck(dst_tblspcoid, GetUserId(),
     									   ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
    +		aclcheck_error(aclresult, OBJECT_TABLESPACE,
     					   tblspcname);
     
     	/*
    @@ -1515,7 +1515,7 @@ AlterDatabase(ParseState *pstate, AlterDatabaseStmt *stmt, bool isTopLevel)
     	dboid = HeapTupleGetOid(tuple);
     
     	if (!pg_database_ownercheck(HeapTupleGetOid(tuple), GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
     					   stmt->dbname);
     
     	/*
    @@ -1583,7 +1583,7 @@ AlterDatabaseSet(AlterDatabaseSetStmt *stmt)
     	shdepLockAndCheckObject(DatabaseRelationId, datid);
     
     	if (!pg_database_ownercheck(datid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
     					   stmt->dbname);
     
     	AlterSetting(datid, InvalidOid, stmt->setstmt);
    @@ -1646,7 +1646,7 @@ AlterDatabaseOwner(const char *dbname, Oid newOwnerId)
     
     		/* Otherwise, must be owner of the existing object */
     		if (!pg_database_ownercheck(HeapTupleGetOid(tuple), GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
     						   dbname);
     
     		/* Must be able to become new owner */
    diff --git a/src/backend/commands/event_trigger.c b/src/backend/commands/event_trigger.c
    index 61ba310412..7a11096e50 100644
    --- a/src/backend/commands/event_trigger.c
    +++ b/src/backend/commands/event_trigger.c
    @@ -519,7 +519,7 @@ AlterEventTrigger(AlterEventTrigStmt *stmt)
     	trigoid = HeapTupleGetOid(tup);
     
     	if (!pg_event_trigger_ownercheck(trigoid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EVENT_TRIGGER,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_EVENT_TRIGGER,
     					   stmt->trigname);
     
     	/* tuple is a copy, so we can modify it below */
    @@ -610,7 +610,7 @@ AlterEventTriggerOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId)
     		return;
     
     	if (!pg_event_trigger_ownercheck(HeapTupleGetOid(tup), GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EVENT_TRIGGER,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_EVENT_TRIGGER,
     					   NameStr(form->evtname));
     
     	/* New owner must be a superuser */
    diff --git a/src/backend/commands/extension.c b/src/backend/commands/extension.c
    index 9f77d25352..cd3b47d55f 100644
    --- a/src/backend/commands/extension.c
    +++ b/src/backend/commands/extension.c
    @@ -2704,13 +2704,13 @@ AlterExtensionNamespace(const char *extensionName, const char *newschema, Oid *o
     	 * check ownership of the individual member objects ...
     	 */
     	if (!pg_extension_ownercheck(extensionOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EXTENSION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_EXTENSION,
     					   extensionName);
     
     	/* Permission check: must have creation rights in target namespace */
     	aclresult = pg_namespace_aclcheck(nspOid, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE, newschema);
    +		aclcheck_error(aclresult, OBJECT_SCHEMA, newschema);
     
     	/*
     	 * If the schema is currently a member of the extension, disallow moving
    @@ -2924,7 +2924,7 @@ ExecAlterExtensionStmt(ParseState *pstate, AlterExtensionStmt *stmt)
     
     	/* Permission check: must own extension */
     	if (!pg_extension_ownercheck(extensionOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EXTENSION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_EXTENSION,
     					   stmt->extname);
     
     	/*
    @@ -3182,7 +3182,7 @@ ExecAlterExtensionContentsStmt(AlterExtensionContentsStmt *stmt,
     
     	/* Permission check: must own extension */
     	if (!pg_extension_ownercheck(extension.objectId, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_EXTENSION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_EXTENSION,
     					   stmt->extname);
     
     	/*
    diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c
    index 9ad991507f..dcd9098230 100644
    --- a/src/backend/commands/foreigncmds.c
    +++ b/src/backend/commands/foreigncmds.c
    @@ -358,7 +358,7 @@ AlterForeignServerOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId)
     
     			/* Must be owner */
     			if (!pg_foreign_server_ownercheck(srvId, GetUserId()))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_FOREIGN_SERVER,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FOREIGN_SERVER,
     							   NameStr(form->srvname));
     
     			/* Must be able to become new owner */
    @@ -370,7 +370,7 @@ AlterForeignServerOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId)
     			{
     				ForeignDataWrapper *fdw = GetForeignDataWrapper(form->srvfdw);
     
    -				aclcheck_error(aclresult, ACL_KIND_FDW, fdw->fdwname);
    +				aclcheck_error(aclresult, OBJECT_FDW, fdw->fdwname);
     			}
     		}
     
    @@ -907,7 +907,7 @@ CreateForeignServer(CreateForeignServerStmt *stmt)
     
     	aclresult = pg_foreign_data_wrapper_aclcheck(fdw->fdwid, ownerId, ACL_USAGE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_FDW, fdw->fdwname);
    +		aclcheck_error(aclresult, OBJECT_FDW, fdw->fdwname);
     
     	/*
     	 * Insert tuple into pg_foreign_server.
    @@ -1010,7 +1010,7 @@ AlterForeignServer(AlterForeignServerStmt *stmt)
     	 * Only owner or a superuser can ALTER a SERVER.
     	 */
     	if (!pg_foreign_server_ownercheck(srvId, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_FOREIGN_SERVER,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FOREIGN_SERVER,
     					   stmt->servername);
     
     	memset(repl_val, 0, sizeof(repl_val));
    @@ -1119,10 +1119,10 @@ user_mapping_ddl_aclcheck(Oid umuserid, Oid serverid, const char *servername)
     
     			aclresult = pg_foreign_server_aclcheck(serverid, curuserid, ACL_USAGE);
     			if (aclresult != ACLCHECK_OK)
    -				aclcheck_error(aclresult, ACL_KIND_FOREIGN_SERVER, servername);
    +				aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, servername);
     		}
     		else
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_FOREIGN_SERVER,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FOREIGN_SERVER,
     						   servername);
     	}
     }
    @@ -1477,7 +1477,7 @@ CreateForeignTable(CreateForeignTableStmt *stmt, Oid relid)
     	server = GetForeignServerByName(stmt->servername, false);
     	aclresult = pg_foreign_server_aclcheck(server->serverid, ownerId, ACL_USAGE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_FOREIGN_SERVER, server->servername);
    +		aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername);
     
     	fdw = GetForeignDataWrapper(server->fdwid);
     
    @@ -1536,7 +1536,7 @@ ImportForeignSchema(ImportForeignSchemaStmt *stmt)
     	server = GetForeignServerByName(stmt->server_name, false);
     	aclresult = pg_foreign_server_aclcheck(server->serverid, GetUserId(), ACL_USAGE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_FOREIGN_SERVER, server->servername);
    +		aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername);
     
     	/* Check that the schema exists and we have CREATE permissions on it */
     	(void) LookupCreationNamespace(stmt->local_schema);
    diff --git a/src/backend/commands/functioncmds.c b/src/backend/commands/functioncmds.c
    index 2a9c90133d..8f73606f4d 100644
    --- a/src/backend/commands/functioncmds.c
    +++ b/src/backend/commands/functioncmds.c
    @@ -146,7 +146,7 @@ compute_return_type(TypeName *returnType, Oid languageOid,
     		aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
     										  ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +			aclcheck_error(aclresult, OBJECT_SCHEMA,
     						   get_namespace_name(namespaceId));
     		address = TypeShellMake(typname, namespaceId, GetUserId());
     		rettype = address.objectId;
    @@ -953,7 +953,7 @@ CreateFunction(ParseState *pstate, CreateFunctionStmt *stmt)
     	/* Check we have creation rights in target namespace */
     	aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(namespaceId));
     
     	/* default attributes */
    @@ -995,14 +995,14 @@ CreateFunction(ParseState *pstate, CreateFunctionStmt *stmt)
     
     		aclresult = pg_language_aclcheck(languageOid, GetUserId(), ACL_USAGE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_LANGUAGE,
    +			aclcheck_error(aclresult, OBJECT_LANGUAGE,
     						   NameStr(languageStruct->lanname));
     	}
     	else
     	{
     		/* if untrusted language, must be superuser */
     		if (!superuser())
    -			aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_LANGUAGE,
    +			aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_LANGUAGE,
     						   NameStr(languageStruct->lanname));
     	}
     
    @@ -1254,7 +1254,7 @@ AlterFunction(ParseState *pstate, AlterFunctionStmt *stmt)
     
     	/* Permission check: must own function */
     	if (!pg_proc_ownercheck(funcOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, stmt->objtype,
     					   NameListToString(stmt->func->objname));
     
     	if (procForm->proisagg)
    @@ -1911,7 +1911,7 @@ CreateTransform(CreateTransformStmt *stmt)
     
     	aclresult = pg_language_aclcheck(langid, GetUserId(), ACL_USAGE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_LANGUAGE, stmt->lang);
    +		aclcheck_error(aclresult, OBJECT_LANGUAGE, stmt->lang);
     
     	/*
     	 * Get the functions
    @@ -1921,11 +1921,11 @@ CreateTransform(CreateTransformStmt *stmt)
     		fromsqlfuncid = LookupFuncWithArgs(OBJECT_FUNCTION, stmt->fromsql, false);
     
     		if (!pg_proc_ownercheck(fromsqlfuncid, GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC, NameListToString(stmt->fromsql->objname));
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION, NameListToString(stmt->fromsql->objname));
     
     		aclresult = pg_proc_aclcheck(fromsqlfuncid, GetUserId(), ACL_EXECUTE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_PROC, NameListToString(stmt->fromsql->objname));
    +			aclcheck_error(aclresult, OBJECT_FUNCTION, NameListToString(stmt->fromsql->objname));
     
     		tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(fromsqlfuncid));
     		if (!HeapTupleIsValid(tuple))
    @@ -1947,11 +1947,11 @@ CreateTransform(CreateTransformStmt *stmt)
     		tosqlfuncid = LookupFuncWithArgs(OBJECT_FUNCTION, stmt->tosql, false);
     
     		if (!pg_proc_ownercheck(tosqlfuncid, GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC, NameListToString(stmt->tosql->objname));
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION, NameListToString(stmt->tosql->objname));
     
     		aclresult = pg_proc_aclcheck(tosqlfuncid, GetUserId(), ACL_EXECUTE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_PROC, NameListToString(stmt->tosql->objname));
    +			aclcheck_error(aclresult, OBJECT_FUNCTION, NameListToString(stmt->tosql->objname));
     
     		tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(tosqlfuncid));
     		if (!HeapTupleIsValid(tuple))
    @@ -2209,14 +2209,14 @@ ExecuteDoStmt(DoStmt *stmt)
     		aclresult = pg_language_aclcheck(codeblock->langOid, GetUserId(),
     										 ACL_USAGE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_LANGUAGE,
    +			aclcheck_error(aclresult, OBJECT_LANGUAGE,
     						   NameStr(languageStruct->lanname));
     	}
     	else
     	{
     		/* if untrusted language, must be superuser */
     		if (!superuser())
    -			aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_LANGUAGE,
    +			aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_LANGUAGE,
     						   NameStr(languageStruct->lanname));
     	}
     
    @@ -2270,7 +2270,7 @@ ExecuteCallStmt(ParseState *pstate, CallStmt *stmt)
     
     	aclresult = pg_proc_aclcheck(fexpr->funcid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(fexpr->funcid));
    +		aclcheck_error(aclresult, OBJECT_PROCEDURE, get_func_name(fexpr->funcid));
     	InvokeFunctionExecuteHook(fexpr->funcid);
     
     	nargs = list_length(fexpr->args);
    diff --git a/src/backend/commands/indexcmds.c b/src/backend/commands/indexcmds.c
    index 97091dd9fb..31992512e5 100644
    --- a/src/backend/commands/indexcmds.c
    +++ b/src/backend/commands/indexcmds.c
    @@ -431,7 +431,7 @@ DefineIndex(Oid relationId,
     		aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
     										  ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +			aclcheck_error(aclresult, OBJECT_SCHEMA,
     						   get_namespace_name(namespaceId));
     	}
     
    @@ -458,7 +458,7 @@ DefineIndex(Oid relationId,
     		aclresult = pg_tablespace_aclcheck(tablespaceId, GetUserId(),
     										   ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
    +			aclcheck_error(aclresult, OBJECT_TABLESPACE,
     						   get_tablespace_name(tablespaceId));
     	}
     
    @@ -1836,7 +1836,7 @@ RangeVarCallbackForReindexIndex(const RangeVar *relation,
     
     	/* Check permissions */
     	if (!pg_class_ownercheck(relId, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, relation->relname);
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_INDEX, relation->relname);
     
     	/* Lock heap before index to avoid deadlock. */
     	if (relId != oldRelId)
    @@ -1915,7 +1915,7 @@ ReindexMultipleTables(const char *objectName, ReindexObjectType objectKind,
     		objectOid = get_namespace_oid(objectName, false);
     
     		if (!pg_namespace_ownercheck(objectOid, GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_NAMESPACE,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SCHEMA,
     						   objectName);
     	}
     	else
    @@ -1927,7 +1927,7 @@ ReindexMultipleTables(const char *objectName, ReindexObjectType objectKind,
     					(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
     					 errmsg("can only reindex the currently open database")));
     		if (!pg_database_ownercheck(objectOid, GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
     						   objectName);
     	}
     
    diff --git a/src/backend/commands/lockcmds.c b/src/backend/commands/lockcmds.c
    index 9fe9e022b0..fba81dba19 100644
    --- a/src/backend/commands/lockcmds.c
    +++ b/src/backend/commands/lockcmds.c
    @@ -96,7 +96,7 @@ RangeVarCallbackForLockTable(const RangeVar *rv, Oid relid, Oid oldrelid,
     	/* Check permissions. */
     	aclresult = LockTableAclCheck(relid, lockmode);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_CLASS, rv->relname);
    +		aclcheck_error(aclresult, OBJECT_RELATION, rv->relname);
     }
     
     /*
    @@ -127,7 +127,7 @@ LockTableRecurse(Oid reloid, LOCKMODE lockmode, bool nowait)
     
     			if (!relname)
     				continue;		/* child concurrently dropped, just skip it */
    -			aclcheck_error(aclresult, ACL_KIND_CLASS, relname);
    +			aclcheck_error(aclresult, OBJECT_RELATION, relname);
     		}
     
     		/* We have enough rights to lock the relation; do so. */
    diff --git a/src/backend/commands/opclasscmds.c b/src/backend/commands/opclasscmds.c
    index 35c7c67bf5..0fb5345b6c 100644
    --- a/src/backend/commands/opclasscmds.c
    +++ b/src/backend/commands/opclasscmds.c
    @@ -353,7 +353,7 @@ DefineOpClass(CreateOpClassStmt *stmt)
     	/* Check we have creation rights in target namespace */
     	aclresult = pg_namespace_aclcheck(namespaceoid, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(namespaceoid));
     
     	/* Get necessary info about access method */
    @@ -497,11 +497,11 @@ DefineOpClass(CreateOpClassStmt *stmt)
     				/* XXX this is unnecessary given the superuser check above */
     				/* Caller must own operator and its underlying function */
     				if (!pg_oper_ownercheck(operOid, GetUserId()))
    -					aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
    +					aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_OPERATOR,
     								   get_opname(operOid));
     				funcOid = get_opcode(operOid);
     				if (!pg_proc_ownercheck(funcOid, GetUserId()))
    -					aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +					aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
     								   get_func_name(funcOid));
     #endif
     
    @@ -525,7 +525,7 @@ DefineOpClass(CreateOpClassStmt *stmt)
     				/* XXX this is unnecessary given the superuser check above */
     				/* Caller must own function */
     				if (!pg_proc_ownercheck(funcOid, GetUserId()))
    -					aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +					aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
     								   get_func_name(funcOid));
     #endif
     
    @@ -730,7 +730,7 @@ DefineOpFamily(CreateOpFamilyStmt *stmt)
     	/* Check we have creation rights in target namespace */
     	aclresult = pg_namespace_aclcheck(namespaceoid, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(namespaceoid));
     
     	/* Get access method OID, throwing an error if it doesn't exist. */
    @@ -871,11 +871,11 @@ AlterOpFamilyAdd(AlterOpFamilyStmt *stmt, Oid amoid, Oid opfamilyoid,
     				/* XXX this is unnecessary given the superuser check above */
     				/* Caller must own operator and its underlying function */
     				if (!pg_oper_ownercheck(operOid, GetUserId()))
    -					aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
    +					aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_OPERATOR,
     								   get_opname(operOid));
     				funcOid = get_opcode(operOid);
     				if (!pg_proc_ownercheck(funcOid, GetUserId()))
    -					aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +					aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
     								   get_func_name(funcOid));
     #endif
     
    @@ -899,7 +899,7 @@ AlterOpFamilyAdd(AlterOpFamilyStmt *stmt, Oid amoid, Oid opfamilyoid,
     				/* XXX this is unnecessary given the superuser check above */
     				/* Caller must own function */
     				if (!pg_proc_ownercheck(funcOid, GetUserId()))
    -					aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +					aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
     								   get_func_name(funcOid));
     #endif
     
    diff --git a/src/backend/commands/operatorcmds.c b/src/backend/commands/operatorcmds.c
    index 6674b41eec..7b52fa9f50 100644
    --- a/src/backend/commands/operatorcmds.c
    +++ b/src/backend/commands/operatorcmds.c
    @@ -95,7 +95,7 @@ DefineOperator(List *names, List *parameters)
     	/* Check we have creation rights in target namespace */
     	aclresult = pg_namespace_aclcheck(oprNamespace, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(oprNamespace));
     
     	/*
    @@ -215,7 +215,7 @@ DefineOperator(List *names, List *parameters)
     	 */
     	aclresult = pg_proc_aclcheck(functionOid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC,
    +		aclcheck_error(aclresult, OBJECT_FUNCTION,
     					   NameListToString(functionName));
     
     	rettype = get_func_rettype(functionOid);
    @@ -281,7 +281,7 @@ ValidateRestrictionEstimator(List *restrictionName)
     	/* Require EXECUTE rights for the estimator */
     	aclresult = pg_proc_aclcheck(restrictionOid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC,
    +		aclcheck_error(aclresult, OBJECT_FUNCTION,
     					   NameListToString(restrictionName));
     
     	return restrictionOid;
    @@ -327,7 +327,7 @@ ValidateJoinEstimator(List *joinName)
     	/* Require EXECUTE rights for the estimator */
     	aclresult = pg_proc_aclcheck(joinOid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC,
    +		aclcheck_error(aclresult, OBJECT_FUNCTION,
     					   NameListToString(joinName));
     
     	return joinOid;
    @@ -457,7 +457,7 @@ AlterOperator(AlterOperatorStmt *stmt)
     
     	/* Check permissions. Must be owner. */
     	if (!pg_oper_ownercheck(oprId, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_OPER,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_OPERATOR,
     					   NameStr(oprForm->oprname));
     
     	/*
    diff --git a/src/backend/commands/policy.c b/src/backend/commands/policy.c
    index 9ced4ee34c..b57c1b8f05 100644
    --- a/src/backend/commands/policy.c
    +++ b/src/backend/commands/policy.c
    @@ -78,7 +78,7 @@ RangeVarCallbackForPolicy(const RangeVar *rv, Oid relid, Oid oldrelid,
     
     	/* Must own relation. */
     	if (!pg_class_ownercheck(relid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, rv->relname);
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
     
     	/* No system table modifications unless explicitly allowed. */
     	if (!allowSystemTableMods && IsSystemClass(relid, classform))
    diff --git a/src/backend/commands/proclang.c b/src/backend/commands/proclang.c
    index 1a239fabea..487502f389 100644
    --- a/src/backend/commands/proclang.c
    +++ b/src/backend/commands/proclang.c
    @@ -97,7 +97,7 @@ CreateProceduralLanguage(CreatePLangStmt *stmt)
     						 errmsg("must be superuser to create procedural language \"%s\"",
     								stmt->plname)));
     			if (!pg_database_ownercheck(MyDatabaseId, GetUserId()))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
     							   get_database_name(MyDatabaseId));
     		}
     
    @@ -366,7 +366,7 @@ create_proc_lang(const char *languageName, bool replace,
     					(errcode(ERRCODE_DUPLICATE_OBJECT),
     					 errmsg("language \"%s\" already exists", languageName)));
     		if (!pg_language_ownercheck(HeapTupleGetOid(oldtup), languageOwner))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_LANGUAGE,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_LANGUAGE,
     						   languageName);
     
     		/*
    diff --git a/src/backend/commands/publicationcmds.c b/src/backend/commands/publicationcmds.c
    index f298d3d381..55b25ebe23 100644
    --- a/src/backend/commands/publicationcmds.c
    +++ b/src/backend/commands/publicationcmds.c
    @@ -150,7 +150,7 @@ CreatePublication(CreatePublicationStmt *stmt)
     	/* must have CREATE privilege on database */
     	aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_DATABASE,
    +		aclcheck_error(aclresult, OBJECT_DATABASE,
     					   get_database_name(MyDatabaseId));
     
     	/* FOR ALL TABLES requires superuser */
    @@ -403,7 +403,7 @@ AlterPublication(AlterPublicationStmt *stmt)
     
     	/* must be owner */
     	if (!pg_publication_ownercheck(HeapTupleGetOid(tup), GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PUBLICATION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_PUBLICATION,
     					   stmt->pubname);
     
     	if (stmt->options)
    @@ -582,7 +582,7 @@ PublicationAddTables(Oid pubid, List *rels, bool if_not_exists,
     
     		/* Must be owner of the table or superuser. */
     		if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     						   RelationGetRelationName(rel));
     
     		obj = publication_add_relation(pubid, rel, if_not_exists);
    @@ -649,7 +649,7 @@ AlterPublicationOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId)
     
     		/* Must be owner */
     		if (!pg_publication_ownercheck(HeapTupleGetOid(tup), GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PUBLICATION,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_PUBLICATION,
     						   NameStr(form->pubname));
     
     		/* Must be able to become new owner */
    @@ -658,7 +658,7 @@ AlterPublicationOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId)
     		/* New owner must have CREATE privilege on database */
     		aclresult = pg_database_aclcheck(MyDatabaseId, newOwnerId, ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_DATABASE,
    +			aclcheck_error(aclresult, OBJECT_DATABASE,
     						   get_database_name(MyDatabaseId));
     
     		if (form->puballtables && !superuser_arg(newOwnerId))
    diff --git a/src/backend/commands/schemacmds.c b/src/backend/commands/schemacmds.c
    index f9ea73f923..23b04665b8 100644
    --- a/src/backend/commands/schemacmds.c
    +++ b/src/backend/commands/schemacmds.c
    @@ -94,7 +94,7 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString,
     	 */
     	aclresult = pg_database_aclcheck(MyDatabaseId, saved_uid, ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_DATABASE,
    +		aclcheck_error(aclresult, OBJECT_DATABASE,
     					   get_database_name(MyDatabaseId));
     
     	check_is_member_of_role(saved_uid, owner_uid);
    @@ -265,13 +265,13 @@ RenameSchema(const char *oldname, const char *newname)
     
     	/* must be owner */
     	if (!pg_namespace_ownercheck(HeapTupleGetOid(tup), GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_NAMESPACE,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SCHEMA,
     					   oldname);
     
     	/* must have CREATE privilege on database */
     	aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_DATABASE,
    +		aclcheck_error(aclresult, OBJECT_DATABASE,
     					   get_database_name(MyDatabaseId));
     
     	if (!allowSystemTableMods && IsReservedName(newname))
    @@ -373,7 +373,7 @@ AlterSchemaOwner_internal(HeapTuple tup, Relation rel, Oid newOwnerId)
     
     		/* Otherwise, must be owner of the existing object */
     		if (!pg_namespace_ownercheck(HeapTupleGetOid(tup), GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_NAMESPACE,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SCHEMA,
     						   NameStr(nspForm->nspname));
     
     		/* Must be able to become new owner */
    @@ -391,7 +391,7 @@ AlterSchemaOwner_internal(HeapTuple tup, Relation rel, Oid newOwnerId)
     		aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(),
     										 ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_DATABASE,
    +			aclcheck_error(aclresult, OBJECT_DATABASE,
     						   get_database_name(MyDatabaseId));
     
     		memset(repl_null, false, sizeof(repl_null));
    diff --git a/src/backend/commands/statscmds.c b/src/backend/commands/statscmds.c
    index c70a28de4b..e75631bb97 100644
    --- a/src/backend/commands/statscmds.c
    +++ b/src/backend/commands/statscmds.c
    @@ -141,7 +141,7 @@ CreateStatistics(CreateStatsStmt *stmt)
     
     		/* You must own the relation to create stats on it */
     		if (!pg_class_ownercheck(RelationGetRelid(rel), stxowner))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     						   RelationGetRelationName(rel));
     	}
     
    diff --git a/src/backend/commands/subscriptioncmds.c b/src/backend/commands/subscriptioncmds.c
    index 086a6ef85e..eb18f83ef1 100644
    --- a/src/backend/commands/subscriptioncmds.c
    +++ b/src/backend/commands/subscriptioncmds.c
    @@ -637,7 +637,7 @@ AlterSubscription(AlterSubscriptionStmt *stmt)
     
     	/* must be owner */
     	if (!pg_subscription_ownercheck(HeapTupleGetOid(tup), GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_SUBSCRIPTION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION,
     					   stmt->subname);
     
     	subid = HeapTupleGetOid(tup);
    @@ -856,7 +856,7 @@ DropSubscription(DropSubscriptionStmt *stmt, bool isTopLevel)
     
     	/* must be owner */
     	if (!pg_subscription_ownercheck(subid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_SUBSCRIPTION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION,
     					   stmt->subname);
     
     	/* DROP hook for the subscription being removed */
    @@ -1024,7 +1024,7 @@ AlterSubscriptionOwner_internal(Relation rel, HeapTuple tup, Oid newOwnerId)
     		return;
     
     	if (!pg_subscription_ownercheck(HeapTupleGetOid(tup), GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_SUBSCRIPTION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SUBSCRIPTION,
     					   NameStr(form->subname));
     
     	/* New owner must be a superuser */
    diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c
    index d979ce266d..134b670c3c 100644
    --- a/src/backend/commands/tablecmds.c
    +++ b/src/backend/commands/tablecmds.c
    @@ -589,7 +589,7 @@ DefineRelation(CreateStmt *stmt, char relkind, Oid ownerId,
     		aclresult = pg_tablespace_aclcheck(tablespaceId, GetUserId(),
     										   ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
    +			aclcheck_error(aclresult, OBJECT_TABLESPACE,
     						   get_tablespace_name(tablespaceId));
     	}
     
    @@ -1193,7 +1193,7 @@ RangeVarCallbackForDropRelation(const RangeVar *rel, Oid relOid, Oid oldRelOid,
     	/* Allow DROP to either table owner or schema owner */
     	if (!pg_class_ownercheck(relOid, GetUserId()) &&
     		!pg_namespace_ownercheck(classform->relnamespace, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     					   rel->relname);
     
     	if (!allowSystemTableMods && IsSystemClass(relOid, classform))
    @@ -1375,7 +1375,7 @@ ExecuteTruncate(TruncateStmt *stmt)
     
     				/* This check must match AlterSequence! */
     				if (!pg_class_ownercheck(seq_relid, GetUserId()))
    -					aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +					aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SEQUENCE,
     								   RelationGetRelationName(seq_rel));
     
     				seq_relids = lappend_oid(seq_relids, seq_relid);
    @@ -1563,7 +1563,7 @@ truncate_check_rel(Relation rel)
     	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
     								  ACL_TRUNCATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_CLASS,
    +		aclcheck_error(aclresult, OBJECT_RELATION,
     					   RelationGetRelationName(rel));
     
     	if (!allowSystemTableMods && IsSystemRelation(rel))
    @@ -1849,7 +1849,7 @@ MergeAttributes(List *schema, List *supers, char relpersistence,
     		 * demand that creator of a child table own the parent.
     		 */
     		if (!pg_class_ownercheck(RelationGetRelid(relation), GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     						   RelationGetRelationName(relation));
     
     		/*
    @@ -2552,7 +2552,7 @@ renameatt_check(Oid myrelid, Form_pg_class classform, bool recursing)
     	 * permissions checking.  only the owner of a class can change its schema.
     	 */
     	if (!pg_class_ownercheck(myrelid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     					   NameStr(classform->relname));
     	if (!allowSystemTableMods && IsSystemClass(myrelid, classform))
     		ereport(ERROR,
    @@ -4770,7 +4770,7 @@ ATSimplePermissions(Relation rel, int allowed_targets)
     
     	/* Permissions checks */
     	if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     					   RelationGetRelationName(rel));
     
     	if (!allowSystemTableMods && IsSystemRelation(rel))
    @@ -6213,7 +6213,7 @@ ATPrepSetStatistics(Relation rel, const char *colName, int16 colNum, Node *newVa
     
     	/* Permissions checks */
     	if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     					   RelationGetRelationName(rel));
     }
     
    @@ -8197,7 +8197,7 @@ checkFkeyPermissions(Relation rel, int16 *attnums, int natts)
     		aclresult = pg_attribute_aclcheck(RelationGetRelid(rel), attnums[i],
     										  roleid, ACL_REFERENCES);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_CLASS,
    +			aclcheck_error(aclresult, OBJECT_RELATION,
     						   RelationGetRelationName(rel));
     	}
     }
    @@ -10105,7 +10105,7 @@ ATExecChangeOwner(Oid relationOid, Oid newOwnerId, bool recursing, LOCKMODE lock
     
     				/* Otherwise, must be owner of the existing object */
     				if (!pg_class_ownercheck(relationOid, GetUserId()))
    -					aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +					aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     								   RelationGetRelationName(target_rel));
     
     				/* Must be able to become new owner */
    @@ -10115,7 +10115,7 @@ ATExecChangeOwner(Oid relationOid, Oid newOwnerId, bool recursing, LOCKMODE lock
     				aclresult = pg_namespace_aclcheck(namespaceOid, newOwnerId,
     												  ACL_CREATE);
     				if (aclresult != ACLCHECK_OK)
    -					aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +					aclcheck_error(aclresult, OBJECT_SCHEMA,
     								   get_namespace_name(namespaceOid));
     			}
     		}
    @@ -10410,7 +10410,7 @@ ATPrepSetTableSpace(AlteredTableInfo *tab, Relation rel, const char *tablespacen
     
     		aclresult = pg_tablespace_aclcheck(tablespaceId, GetUserId(), ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_TABLESPACE, tablespacename);
    +			aclcheck_error(aclresult, OBJECT_TABLESPACE, tablespacename);
     	}
     
     	/* Save info for Phase 3 to do the real work */
    @@ -10844,7 +10844,7 @@ AlterTableMoveAll(AlterTableMoveAllStmt *stmt)
     		aclresult = pg_tablespace_aclcheck(new_tablespaceoid, GetUserId(),
     										   ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
    +			aclcheck_error(aclresult, OBJECT_TABLESPACE,
     						   get_tablespace_name(new_tablespaceoid));
     	}
     
    @@ -10915,7 +10915,7 @@ AlterTableMoveAll(AlterTableMoveAllStmt *stmt)
     		 * Caller must be considered an owner on the table to move it.
     		 */
     		if (!pg_class_ownercheck(relOid, GetUserId()))
    -			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +			aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     						   NameStr(relForm->relname));
     
     		if (stmt->nowait &&
    @@ -13160,7 +13160,7 @@ RangeVarCallbackOwnsTable(const RangeVar *relation,
     
     	/* Check permissions */
     	if (!pg_class_ownercheck(relId, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, relation->relname);
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, relation->relname);
     }
     
     /*
    @@ -13182,7 +13182,7 @@ RangeVarCallbackOwnsRelation(const RangeVar *relation,
     		elog(ERROR, "cache lookup failed for relation %u", relId);
     
     	if (!pg_class_ownercheck(relId, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     					   relation->relname);
     
     	if (!allowSystemTableMods &&
    @@ -13218,7 +13218,7 @@ RangeVarCallbackForAlterRelation(const RangeVar *rv, Oid relid, Oid oldrelid,
     
     	/* Must own relation. */
     	if (!pg_class_ownercheck(relid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, rv->relname);
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
     
     	/* No system table modifications unless explicitly allowed. */
     	if (!allowSystemTableMods && IsSystemClass(relid, classform))
    @@ -13238,7 +13238,7 @@ RangeVarCallbackForAlterRelation(const RangeVar *rv, Oid relid, Oid oldrelid,
     		aclresult = pg_namespace_aclcheck(classform->relnamespace,
     										  GetUserId(), ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +			aclcheck_error(aclresult, OBJECT_SCHEMA,
     						   get_namespace_name(classform->relnamespace));
     		reltype = ((RenameStmt *) stmt)->renameType;
     	}
    diff --git a/src/backend/commands/tablespace.c b/src/backend/commands/tablespace.c
    index d574e4dd00..24e07c7f08 100644
    --- a/src/backend/commands/tablespace.c
    +++ b/src/backend/commands/tablespace.c
    @@ -444,13 +444,13 @@ DropTableSpace(DropTableSpaceStmt *stmt)
     
     	/* Must be tablespace owner */
     	if (!pg_tablespace_ownercheck(tablespaceoid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TABLESPACE,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_TABLESPACE,
     					   tablespacename);
     
     	/* Disallow drop of the standard tablespaces, even by superuser */
     	if (tablespaceoid == GLOBALTABLESPACE_OID ||
     		tablespaceoid == DEFAULTTABLESPACE_OID)
    -		aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_TABLESPACE,
    +		aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_TABLESPACE,
     					   tablespacename);
     
     	/* DROP hook for the tablespace being removed */
    @@ -941,7 +941,7 @@ RenameTableSpace(const char *oldname, const char *newname)
     
     	/* Must be owner */
     	if (!pg_tablespace_ownercheck(HeapTupleGetOid(newtuple), GetUserId()))
    -		aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_TABLESPACE, oldname);
    +		aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_TABLESPACE, oldname);
     
     	/* Validate new name */
     	if (!allowSystemTableMods && IsReservedName(newname))
    @@ -1017,7 +1017,7 @@ AlterTableSpaceOptions(AlterTableSpaceOptionsStmt *stmt)
     
     	/* Must be owner of the existing object */
     	if (!pg_tablespace_ownercheck(HeapTupleGetOid(tup), GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TABLESPACE,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_TABLESPACE,
     					   stmt->tablespacename);
     
     	/* Generate new proposed spcoptions (text array) */
    @@ -1232,7 +1232,7 @@ check_temp_tablespaces(char **newval, void **extra, GucSource source)
     			if (aclresult != ACLCHECK_OK)
     			{
     				if (source >= PGC_S_INTERACTIVE)
    -					aclcheck_error(aclresult, ACL_KIND_TABLESPACE, curname);
    +					aclcheck_error(aclresult, OBJECT_TABLESPACE, curname);
     				continue;
     			}
     
    diff --git a/src/backend/commands/trigger.c b/src/backend/commands/trigger.c
    index 92ae3822d8..b1a1e4c65d 100644
    --- a/src/backend/commands/trigger.c
    +++ b/src/backend/commands/trigger.c
    @@ -284,7 +284,7 @@ CreateTrigger(CreateTrigStmt *stmt, const char *queryString,
     		aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
     									  ACL_TRIGGER);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_CLASS,
    +			aclcheck_error(aclresult, OBJECT_RELATION,
     						   RelationGetRelationName(rel));
     
     		if (OidIsValid(constrrelid))
    @@ -292,7 +292,7 @@ CreateTrigger(CreateTrigStmt *stmt, const char *queryString,
     			aclresult = pg_class_aclcheck(constrrelid, GetUserId(),
     										  ACL_TRIGGER);
     			if (aclresult != ACLCHECK_OK)
    -				aclcheck_error(aclresult, ACL_KIND_CLASS,
    +				aclcheck_error(aclresult, OBJECT_RELATION,
     							   get_rel_name(constrrelid));
     		}
     	}
    @@ -592,7 +592,7 @@ CreateTrigger(CreateTrigStmt *stmt, const char *queryString,
     	{
     		aclresult = pg_proc_aclcheck(funcoid, GetUserId(), ACL_EXECUTE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_PROC,
    +			aclcheck_error(aclresult, OBJECT_FUNCTION,
     						   NameListToString(stmt->funcname));
     	}
     	funcrettype = get_func_rettype(funcoid);
    @@ -1422,7 +1422,7 @@ RangeVarCallbackForRenameTrigger(const RangeVar *rv, Oid relid, Oid oldrelid,
     
     	/* you must own the table to rename one of its triggers */
     	if (!pg_class_ownercheck(relid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, rv->relname);
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
     	if (!allowSystemTableMods && IsSystemClass(relid, form))
     		ereport(ERROR,
     				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
    diff --git a/src/backend/commands/tsearchcmds.c b/src/backend/commands/tsearchcmds.c
    index adc7cd67a7..777677fbd3 100644
    --- a/src/backend/commands/tsearchcmds.c
    +++ b/src/backend/commands/tsearchcmds.c
    @@ -428,7 +428,7 @@ DefineTSDictionary(List *names, List *parameters)
     	/* Check we have creation rights in target namespace */
     	aclresult = pg_namespace_aclcheck(namespaceoid, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(namespaceoid));
     
     	/*
    @@ -549,7 +549,7 @@ AlterTSDictionary(AlterTSDictionaryStmt *stmt)
     
     	/* must be owner */
     	if (!pg_ts_dict_ownercheck(dictId, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TSDICTIONARY,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_TSDICTIONARY,
     					   NameListToString(stmt->dictname));
     
     	/* deserialize the existing set of options */
    @@ -980,7 +980,7 @@ DefineTSConfiguration(List *names, List *parameters, ObjectAddress *copied)
     	/* Check we have creation rights in target namespace */
     	aclresult = pg_namespace_aclcheck(namespaceoid, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(namespaceoid));
     
     	/*
    @@ -1189,7 +1189,7 @@ AlterTSConfiguration(AlterTSConfigurationStmt *stmt)
     
     	/* must be owner */
     	if (!pg_ts_config_ownercheck(HeapTupleGetOid(tup), GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_TSCONFIGURATION,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_TSCONFIGURATION,
     					   NameListToString(stmt->cfgname));
     
     	relMap = heap_open(TSConfigMapRelationId, RowExclusiveLock);
    diff --git a/src/backend/commands/typecmds.c b/src/backend/commands/typecmds.c
    index f86af4c054..ec1ee20261 100644
    --- a/src/backend/commands/typecmds.c
    +++ b/src/backend/commands/typecmds.c
    @@ -190,7 +190,7 @@ DefineType(ParseState *pstate, List *names, List *parameters)
     	/* Check we have creation rights in target namespace */
     	aclresult = pg_namespace_aclcheck(typeNamespace, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(typeNamespace));
     #endif
     
    @@ -526,25 +526,25 @@ DefineType(ParseState *pstate, List *names, List *parameters)
     #ifdef NOT_USED
     	/* XXX this is unnecessary given the superuser check above */
     	if (inputOid && !pg_proc_ownercheck(inputOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
     					   NameListToString(inputName));
     	if (outputOid && !pg_proc_ownercheck(outputOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
     					   NameListToString(outputName));
     	if (receiveOid && !pg_proc_ownercheck(receiveOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
     					   NameListToString(receiveName));
     	if (sendOid && !pg_proc_ownercheck(sendOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
     					   NameListToString(sendName));
     	if (typmodinOid && !pg_proc_ownercheck(typmodinOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
     					   NameListToString(typmodinName));
     	if (typmodoutOid && !pg_proc_ownercheck(typmodoutOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
     					   NameListToString(typmodoutName));
     	if (analyzeOid && !pg_proc_ownercheck(analyzeOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION,
     					   NameListToString(analyzeName));
     #endif
     
    @@ -772,7 +772,7 @@ DefineDomain(CreateDomainStmt *stmt)
     	aclresult = pg_namespace_aclcheck(domainNamespace, GetUserId(),
     									  ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(domainNamespace));
     
     	/*
    @@ -1171,7 +1171,7 @@ DefineEnum(CreateEnumStmt *stmt)
     	/* Check we have creation rights in target namespace */
     	aclresult = pg_namespace_aclcheck(enumNamespace, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(enumNamespace));
     
     	/*
    @@ -1398,7 +1398,7 @@ DefineRange(CreateRangeStmt *stmt)
     	/* Check we have creation rights in target namespace */
     	aclresult = pg_namespace_aclcheck(typeNamespace, GetUserId(), ACL_CREATE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(typeNamespace));
     
     	/*
    @@ -2042,7 +2042,7 @@ findRangeCanonicalFunction(List *procname, Oid typeOid)
     	/* Also, range type's creator must have permission to call function */
     	aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(procOid));
    +		aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(procOid));
     
     	return procOid;
     }
    @@ -2085,7 +2085,7 @@ findRangeSubtypeDiffFunction(List *procname, Oid subtype)
     	/* Also, range type's creator must have permission to call function */
     	aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(procOid));
    +		aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(procOid));
     
     	return procOid;
     }
    @@ -3380,7 +3380,7 @@ AlterTypeOwner(List *names, Oid newOwnerId, ObjectType objecttype)
     											  newOwnerId,
     											  ACL_CREATE);
     			if (aclresult != ACLCHECK_OK)
    -				aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +				aclcheck_error(aclresult, OBJECT_SCHEMA,
     							   get_namespace_name(typTup->typnamespace));
     		}
     
    diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
    index f2941352d7..e4700cfd23 100644
    --- a/src/backend/commands/user.c
    +++ b/src/backend/commands/user.c
    @@ -939,7 +939,7 @@ AlterRoleSet(AlterRoleSetStmt *stmt)
     			 * ALTER DATABASE ... SET, so use the same permission check.
     			 */
     			if (!pg_database_ownercheck(databaseid, GetUserId()))
    -				aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
    +				aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
     							   stmt->database);
     		}
     	}
    diff --git a/src/backend/executor/execExpr.c b/src/backend/executor/execExpr.c
    index e0839616e1..a877501394 100644
    --- a/src/backend/executor/execExpr.c
    +++ b/src/backend/executor/execExpr.c
    @@ -883,7 +883,7 @@ ExecInitExprRec(Expr *node, PlanState *parent, ExprState *state,
     											 GetUserId(),
     											 ACL_EXECUTE);
     				if (aclresult != ACLCHECK_OK)
    -					aclcheck_error(aclresult, ACL_KIND_PROC,
    +					aclcheck_error(aclresult, OBJECT_FUNCTION,
     								   get_func_name(opexpr->opfuncid));
     				InvokeFunctionExecuteHook(opexpr->opfuncid);
     
    @@ -2086,7 +2086,7 @@ ExecInitFunc(ExprEvalStep *scratch, Expr *node, List *args, Oid funcid,
     	/* Check permission to call function */
     	aclresult = pg_proc_aclcheck(funcid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(funcid));
    +		aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(funcid));
     	InvokeFunctionExecuteHook(funcid);
     
     	/*
    diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c
    index dbaa47f2d3..2ce7bbc596 100644
    --- a/src/backend/executor/execMain.c
    +++ b/src/backend/executor/execMain.c
    @@ -579,7 +579,7 @@ ExecCheckRTPerms(List *rangeTable, bool ereport_on_violation)
     		{
     			Assert(rte->rtekind == RTE_RELATION);
     			if (ereport_on_violation)
    -				aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_CLASS,
    +				aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_RELATION,
     							   get_rel_name(rte->relid));
     			return false;
     		}
    diff --git a/src/backend/executor/execSRF.c b/src/backend/executor/execSRF.c
    index c24d8b9ead..164f65e738 100644
    --- a/src/backend/executor/execSRF.c
    +++ b/src/backend/executor/execSRF.c
    @@ -682,7 +682,7 @@ init_sexpr(Oid foid, Oid input_collation, Expr *node,
     	/* Check permission to call function */
     	aclresult = pg_proc_aclcheck(foid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(foid));
    +		aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(foid));
     	InvokeFunctionExecuteHook(foid);
     
     	/*
    diff --git a/src/backend/executor/nodeAgg.c b/src/backend/executor/nodeAgg.c
    index da6ef1a94c..97c874f5cd 100644
    --- a/src/backend/executor/nodeAgg.c
    +++ b/src/backend/executor/nodeAgg.c
    @@ -3179,7 +3179,7 @@ ExecInitAgg(Agg *node, EState *estate, int eflags)
     		aclresult = pg_proc_aclcheck(aggref->aggfnoid, GetUserId(),
     									 ACL_EXECUTE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_PROC,
    +			aclcheck_error(aclresult, OBJECT_AGGREGATE,
     						   get_func_name(aggref->aggfnoid));
     		InvokeFunctionExecuteHook(aggref->aggfnoid);
     
    @@ -3269,7 +3269,7 @@ ExecInitAgg(Agg *node, EState *estate, int eflags)
     			aclresult = pg_proc_aclcheck(transfn_oid, aggOwner,
     										 ACL_EXECUTE);
     			if (aclresult != ACLCHECK_OK)
    -				aclcheck_error(aclresult, ACL_KIND_PROC,
    +				aclcheck_error(aclresult, OBJECT_FUNCTION,
     							   get_func_name(transfn_oid));
     			InvokeFunctionExecuteHook(transfn_oid);
     			if (OidIsValid(finalfn_oid))
    @@ -3277,7 +3277,7 @@ ExecInitAgg(Agg *node, EState *estate, int eflags)
     				aclresult = pg_proc_aclcheck(finalfn_oid, aggOwner,
     											 ACL_EXECUTE);
     				if (aclresult != ACLCHECK_OK)
    -					aclcheck_error(aclresult, ACL_KIND_PROC,
    +					aclcheck_error(aclresult, OBJECT_FUNCTION,
     								   get_func_name(finalfn_oid));
     				InvokeFunctionExecuteHook(finalfn_oid);
     			}
    @@ -3286,7 +3286,7 @@ ExecInitAgg(Agg *node, EState *estate, int eflags)
     				aclresult = pg_proc_aclcheck(serialfn_oid, aggOwner,
     											 ACL_EXECUTE);
     				if (aclresult != ACLCHECK_OK)
    -					aclcheck_error(aclresult, ACL_KIND_PROC,
    +					aclcheck_error(aclresult, OBJECT_FUNCTION,
     								   get_func_name(serialfn_oid));
     				InvokeFunctionExecuteHook(serialfn_oid);
     			}
    @@ -3295,7 +3295,7 @@ ExecInitAgg(Agg *node, EState *estate, int eflags)
     				aclresult = pg_proc_aclcheck(deserialfn_oid, aggOwner,
     											 ACL_EXECUTE);
     				if (aclresult != ACLCHECK_OK)
    -					aclcheck_error(aclresult, ACL_KIND_PROC,
    +					aclcheck_error(aclresult, OBJECT_FUNCTION,
     								   get_func_name(deserialfn_oid));
     				InvokeFunctionExecuteHook(deserialfn_oid);
     			}
    diff --git a/src/backend/executor/nodeWindowAgg.c b/src/backend/executor/nodeWindowAgg.c
    index 02868749f6..71c935a472 100644
    --- a/src/backend/executor/nodeWindowAgg.c
    +++ b/src/backend/executor/nodeWindowAgg.c
    @@ -1928,7 +1928,7 @@ ExecInitWindowAgg(WindowAgg *node, EState *estate, int eflags)
     		aclresult = pg_proc_aclcheck(wfunc->winfnoid, GetUserId(),
     									 ACL_EXECUTE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_PROC,
    +			aclcheck_error(aclresult, OBJECT_FUNCTION,
     						   get_func_name(wfunc->winfnoid));
     		InvokeFunctionExecuteHook(wfunc->winfnoid);
     
    @@ -2189,7 +2189,7 @@ initialize_peragg(WindowAggState *winstate, WindowFunc *wfunc,
     		aclresult = pg_proc_aclcheck(transfn_oid, aggOwner,
     									 ACL_EXECUTE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_PROC,
    +			aclcheck_error(aclresult, OBJECT_FUNCTION,
     						   get_func_name(transfn_oid));
     		InvokeFunctionExecuteHook(transfn_oid);
     
    @@ -2198,7 +2198,7 @@ initialize_peragg(WindowAggState *winstate, WindowFunc *wfunc,
     			aclresult = pg_proc_aclcheck(invtransfn_oid, aggOwner,
     										 ACL_EXECUTE);
     			if (aclresult != ACLCHECK_OK)
    -				aclcheck_error(aclresult, ACL_KIND_PROC,
    +				aclcheck_error(aclresult, OBJECT_FUNCTION,
     							   get_func_name(invtransfn_oid));
     			InvokeFunctionExecuteHook(invtransfn_oid);
     		}
    @@ -2208,7 +2208,7 @@ initialize_peragg(WindowAggState *winstate, WindowFunc *wfunc,
     			aclresult = pg_proc_aclcheck(finalfn_oid, aggOwner,
     										 ACL_EXECUTE);
     			if (aclresult != ACLCHECK_OK)
    -				aclcheck_error(aclresult, ACL_KIND_PROC,
    +				aclcheck_error(aclresult, OBJECT_FUNCTION,
     							   get_func_name(finalfn_oid));
     			InvokeFunctionExecuteHook(finalfn_oid);
     		}
    diff --git a/src/backend/parser/parse_utilcmd.c b/src/backend/parser/parse_utilcmd.c
    index f67379f8ed..5633676da6 100644
    --- a/src/backend/parser/parse_utilcmd.c
    +++ b/src/backend/parser/parse_utilcmd.c
    @@ -954,7 +954,7 @@ transformTableLikeClause(CreateStmtContext *cxt, TableLikeClause *table_like_cla
     		aclresult = pg_type_aclcheck(relation->rd_rel->reltype, GetUserId(),
     									 ACL_USAGE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_TYPE,
    +			aclcheck_error(aclresult, OBJECT_TYPE,
     						   RelationGetRelationName(relation));
     	}
     	else
    @@ -962,7 +962,7 @@ transformTableLikeClause(CreateStmtContext *cxt, TableLikeClause *table_like_cla
     		aclresult = pg_class_aclcheck(RelationGetRelid(relation), GetUserId(),
     									  ACL_SELECT);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_CLASS,
    +			aclcheck_error(aclresult, OBJECT_RELATION,
     						   RelationGetRelationName(relation));
     	}
     
    diff --git a/src/backend/rewrite/rewriteDefine.c b/src/backend/rewrite/rewriteDefine.c
    index 247809927a..27857f056a 100644
    --- a/src/backend/rewrite/rewriteDefine.c
    +++ b/src/backend/rewrite/rewriteDefine.c
    @@ -276,7 +276,7 @@ DefineQueryRewrite(const char *rulename,
     	 * Check user has permission to apply rules to this relation.
     	 */
     	if (!pg_class_ownercheck(event_relid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     					   RelationGetRelationName(event_relation));
     
     	/*
    @@ -864,7 +864,7 @@ EnableDisableRule(Relation rel, const char *rulename,
     	eventRelationOid = ((Form_pg_rewrite) GETSTRUCT(ruletup))->ev_class;
     	Assert(eventRelationOid == owningRel);
     	if (!pg_class_ownercheck(eventRelationOid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION,
     					   get_rel_name(eventRelationOid));
     
     	/*
    @@ -927,7 +927,7 @@ RangeVarCallbackForRenameRule(const RangeVar *rv, Oid relid, Oid oldrelid,
     
     	/* you must own the table to rename one of its rules */
     	if (!pg_class_ownercheck(relid, GetUserId()))
    -		aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, rv->relname);
    +		aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_RELATION, rv->relname);
     
     	ReleaseSysCache(tuple);
     }
    diff --git a/src/backend/tcop/fastpath.c b/src/backend/tcop/fastpath.c
    index a434f7f857..17fffb2bd7 100644
    --- a/src/backend/tcop/fastpath.c
    +++ b/src/backend/tcop/fastpath.c
    @@ -315,13 +315,13 @@ HandleFunctionRequest(StringInfo msgBuf)
     	 */
     	aclresult = pg_namespace_aclcheck(fip->namespace, GetUserId(), ACL_USAGE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
    +		aclcheck_error(aclresult, OBJECT_SCHEMA,
     					   get_namespace_name(fip->namespace));
     	InvokeNamespaceSearchHook(fip->namespace, true);
     
     	aclresult = pg_proc_aclcheck(fid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC,
    +		aclcheck_error(aclresult, OBJECT_FUNCTION,
     					   get_func_name(fid));
     	InvokeFunctionExecuteHook(fid);
     
    diff --git a/src/backend/utils/adt/dbsize.c b/src/backend/utils/adt/dbsize.c
    index 58c0b01bdc..8e72e0654f 100644
    --- a/src/backend/utils/adt/dbsize.c
    +++ b/src/backend/utils/adt/dbsize.c
    @@ -97,7 +97,7 @@ calculate_database_size(Oid dbOid)
     	if (aclresult != ACLCHECK_OK &&
     		!is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS))
     	{
    -		aclcheck_error(aclresult, ACL_KIND_DATABASE,
    +		aclcheck_error(aclresult, OBJECT_DATABASE,
     					   get_database_name(dbOid));
     	}
     
    @@ -183,7 +183,7 @@ calculate_tablespace_size(Oid tblspcOid)
     	{
     		aclresult = pg_tablespace_aclcheck(tblspcOid, GetUserId(), ACL_CREATE);
     		if (aclresult != ACLCHECK_OK)
    -			aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
    +			aclcheck_error(aclresult, OBJECT_TABLESPACE,
     						   get_tablespace_name(tblspcOid));
     	}
     
    diff --git a/src/backend/utils/adt/tid.c b/src/backend/utils/adt/tid.c
    index 854097dd58..95aa43fb48 100644
    --- a/src/backend/utils/adt/tid.c
    +++ b/src/backend/utils/adt/tid.c
    @@ -343,7 +343,7 @@ currtid_byreloid(PG_FUNCTION_ARGS)
     	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
     								  ACL_SELECT);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_CLASS,
    +		aclcheck_error(aclresult, OBJECT_RELATION,
     					   RelationGetRelationName(rel));
     
     	if (rel->rd_rel->relkind == RELKIND_VIEW)
    @@ -377,7 +377,7 @@ currtid_byrelname(PG_FUNCTION_ARGS)
     	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
     								  ACL_SELECT);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_CLASS,
    +		aclcheck_error(aclresult, OBJECT_RELATION,
     					   RelationGetRelationName(rel));
     
     	if (rel->rd_rel->relkind == RELKIND_VIEW)
    diff --git a/src/backend/utils/fmgr/fmgr.c b/src/backend/utils/fmgr/fmgr.c
    index 975c968e3b..69874a8923 100644
    --- a/src/backend/utils/fmgr/fmgr.c
    +++ b/src/backend/utils/fmgr/fmgr.c
    @@ -2124,7 +2124,7 @@ CheckFunctionValidatorAccess(Oid validatorOid, Oid functionOid)
     	aclresult = pg_language_aclcheck(procStruct->prolang, GetUserId(),
     									 ACL_USAGE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_LANGUAGE,
    +		aclcheck_error(aclresult, OBJECT_LANGUAGE,
     					   NameStr(langStruct->lanname));
     
     	/*
    @@ -2134,7 +2134,7 @@ CheckFunctionValidatorAccess(Oid validatorOid, Oid functionOid)
     	 */
     	aclresult = pg_proc_aclcheck(functionOid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC, NameStr(procStruct->proname));
    +		aclcheck_error(aclresult, OBJECT_FUNCTION, NameStr(procStruct->proname));
     
     	ReleaseSysCache(procTup);
     	ReleaseSysCache(langTup);
    diff --git a/src/include/catalog/objectaddress.h b/src/include/catalog/objectaddress.h
    index 5fc54d0e57..b32ff14359 100644
    --- a/src/include/catalog/objectaddress.h
    +++ b/src/include/catalog/objectaddress.h
    @@ -62,7 +62,7 @@ extern AttrNumber get_object_attnum_name(Oid class_id);
     extern AttrNumber get_object_attnum_namespace(Oid class_id);
     extern AttrNumber get_object_attnum_owner(Oid class_id);
     extern AttrNumber get_object_attnum_acl(Oid class_id);
    -extern AclObjectKind get_object_aclkind(Oid class_id);
    +extern ObjectType get_object_type(Oid class_id);
     extern bool get_object_namensp_unique(Oid class_id);
     
     extern HeapTuple get_catalog_object_by_oid(Relation catalog,
    diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
    index a8a6f35dde..fab87fecfa 100644
    --- a/src/include/utils/acl.h
    +++ b/src/include/utils/acl.h
    @@ -182,37 +182,6 @@ typedef enum
     	ACLCHECK_NOT_OWNER
     } AclResult;
     
    -/* this enum covers all object types that can have privilege errors */
    -/* currently it's only used to tell aclcheck_error what to say */
    -typedef enum AclObjectKind
    -{
    -	ACL_KIND_COLUMN,			/* pg_attribute */
    -	ACL_KIND_CLASS,				/* pg_class */
    -	ACL_KIND_SEQUENCE,			/* pg_sequence */
    -	ACL_KIND_DATABASE,			/* pg_database */
    -	ACL_KIND_PROC,				/* pg_proc */
    -	ACL_KIND_OPER,				/* pg_operator */
    -	ACL_KIND_TYPE,				/* pg_type */
    -	ACL_KIND_LANGUAGE,			/* pg_language */
    -	ACL_KIND_LARGEOBJECT,		/* pg_largeobject */
    -	ACL_KIND_NAMESPACE,			/* pg_namespace */
    -	ACL_KIND_OPCLASS,			/* pg_opclass */
    -	ACL_KIND_OPFAMILY,			/* pg_opfamily */
    -	ACL_KIND_COLLATION,			/* pg_collation */
    -	ACL_KIND_CONVERSION,		/* pg_conversion */
    -	ACL_KIND_STATISTICS,		/* pg_statistic_ext */
    -	ACL_KIND_TABLESPACE,		/* pg_tablespace */
    -	ACL_KIND_TSDICTIONARY,		/* pg_ts_dict */
    -	ACL_KIND_TSCONFIGURATION,	/* pg_ts_config */
    -	ACL_KIND_FDW,				/* pg_foreign_data_wrapper */
    -	ACL_KIND_FOREIGN_SERVER,	/* pg_foreign_server */
    -	ACL_KIND_EVENT_TRIGGER,		/* pg_event_trigger */
    -	ACL_KIND_EXTENSION,			/* pg_extension */
    -	ACL_KIND_PUBLICATION,		/* pg_publication */
    -	ACL_KIND_SUBSCRIPTION,		/* pg_subscription */
    -	MAX_ACL_KIND				/* MUST BE LAST */
    -} AclObjectKind;
    -
     
     /*
      * routines used internally
    @@ -301,10 +270,10 @@ extern AclResult pg_foreign_data_wrapper_aclcheck(Oid fdw_oid, Oid roleid, AclMo
     extern AclResult pg_foreign_server_aclcheck(Oid srv_oid, Oid roleid, AclMode mode);
     extern AclResult pg_type_aclcheck(Oid type_oid, Oid roleid, AclMode mode);
     
    -extern void aclcheck_error(AclResult aclerr, AclObjectKind objectkind,
    +extern void aclcheck_error(AclResult aclerr, ObjectType objtype,
     			   const char *objectname);
     
    -extern void aclcheck_error_col(AclResult aclerr, AclObjectKind objectkind,
    +extern void aclcheck_error_col(AclResult aclerr, ObjectType objtype,
     				   const char *objectname, const char *colname);
     
     extern void aclcheck_error_type(AclResult aclerr, Oid typeOid);
    diff --git a/src/pl/tcl/pltcl.c b/src/pl/tcl/pltcl.c
    index e0792d93e1..690a81aa83 100644
    --- a/src/pl/tcl/pltcl.c
    +++ b/src/pl/tcl/pltcl.c
    @@ -618,7 +618,7 @@ call_pltcl_start_proc(Oid prolang, bool pltrusted)
     	/* Current user must have permission to call function */
     	aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE);
     	if (aclresult != ACLCHECK_OK)
    -		aclcheck_error(aclresult, ACL_KIND_PROC, start_proc);
    +		aclcheck_error(aclresult, OBJECT_FUNCTION, start_proc);
     
     	/* Get the function's pg_proc entry */
     	procTup = SearchSysCache1(PROCOID, ObjectIdGetDatum(procOid));
    diff --git a/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out b/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out
    index 77bdc9345d..b2d898a7d1 100644
    --- a/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out
    +++ b/src/test/modules/dummy_seclabel/expected/dummy_seclabel.out
    @@ -30,14 +30,14 @@ SECURITY LABEL FOR 'dummy' ON TABLE dummy_seclabel_tbl1 IS 'unclassified';	-- OK
     SECURITY LABEL FOR 'unknown_seclabel' ON TABLE dummy_seclabel_tbl1 IS 'classified';	-- fail
     ERROR:  security label provider "unknown_seclabel" is not loaded
     SECURITY LABEL ON TABLE dummy_seclabel_tbl2 IS 'unclassified';	-- fail (not owner)
    -ERROR:  must be owner of relation dummy_seclabel_tbl2
    +ERROR:  must be owner of table dummy_seclabel_tbl2
     SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS 'secret';		-- fail (not superuser)
     ERROR:  only superuser can set 'secret' label
     SECURITY LABEL ON TABLE dummy_seclabel_tbl3 IS 'unclassified';	-- fail (not found)
     ERROR:  relation "dummy_seclabel_tbl3" does not exist
     SET SESSION AUTHORIZATION regress_dummy_seclabel_user2;
     SECURITY LABEL ON TABLE dummy_seclabel_tbl1 IS 'unclassified';		-- fail
    -ERROR:  must be owner of relation dummy_seclabel_tbl1
    +ERROR:  must be owner of table dummy_seclabel_tbl1
     SECURITY LABEL ON TABLE dummy_seclabel_tbl2 IS 'classified';			-- OK
     --
     -- Test for shared database object
    diff --git a/src/test/regress/expected/create_procedure.out b/src/test/regress/expected/create_procedure.out
    index 5538ef2f2b..9a5be38a76 100644
    --- a/src/test/regress/expected/create_procedure.out
    +++ b/src/test/regress/expected/create_procedure.out
    @@ -73,7 +73,7 @@ GRANT INSERT ON cp_test TO regress_user1;
     REVOKE EXECUTE ON PROCEDURE ptest1(text) FROM PUBLIC;
     SET ROLE regress_user1;
     CALL ptest1('a');  -- error
    -ERROR:  permission denied for function ptest1
    +ERROR:  permission denied for procedure ptest1
     RESET ROLE;
     GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_user1;
     SET ROLE regress_user1;
    diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
    index e6994f0490..87e9211f6a 100644
    --- a/src/test/regress/expected/privileges.out
    +++ b/src/test/regress/expected/privileges.out
    @@ -694,9 +694,9 @@ SET SESSION AUTHORIZATION regress_user3;
     SELECT testfunc1(5); -- fail
     ERROR:  permission denied for function testfunc1
     SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- fail
    -ERROR:  permission denied for function testagg1
    +ERROR:  permission denied for aggregate testagg1
     CALL testproc1(6); -- fail
    -ERROR:  permission denied for function testproc1
    +ERROR:  permission denied for procedure testproc1
     SELECT col1 FROM atest2 WHERE col2 = true; -- fail
     ERROR:  permission denied for relation atest2
     SELECT testfunc4(true); -- ok
    @@ -722,9 +722,9 @@ CALL testproc1(6); -- ok
     DROP FUNCTION testfunc1(int); -- fail
     ERROR:  must be owner of function testfunc1
     DROP AGGREGATE testagg1(int); -- fail
    -ERROR:  must be owner of function testagg1
    +ERROR:  must be owner of aggregate testagg1
     DROP PROCEDURE testproc1(int); -- fail
    -ERROR:  must be owner of function testproc1
    +ERROR:  must be owner of procedure testproc1
     \c -
     DROP FUNCTION testfunc1(int); -- ok
     -- restore to sanity
    -- 
    2.15.1
    
    
    --------------12F6704ECBA3D4E5413AF748--