Extensions
acl

acl

pg_acl : ACL Data type

Overview

IDExtensionPackageVersionCategoryLicenseLanguage
3860
acl
pg_acl
1.0.4
TYPE
BSD 2-Clause
C
AttributeHas BinaryHas LibraryNeed LoadHas DDLRelocatableTrusted
--s-d-r
No
Yes
No
Yes
yes
no
Relationships
See Also
prefix
semver
unit
pgpdf
pglite_fusion
md5hash
asn1oid
roaringbitmap

+cast pg_uuid_t

Packages

TypeRepoVersionPG Major CompatibilityPackage PatternDependencies
EXT
PIGSTY
1.0.4
18
17
16
15
14
pg_acl-
RPM
PIGSTY
1.0.4
18
17
16
15
14
acl_$v-
DEB
PIGSTY
1.0.4
18
17
16
15
14
postgresql-$v-acl-
Linux / PGPG18PG17PG16PG15PG14
el8.x86_64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
el8.aarch64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
el9.x86_64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
el9.aarch64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
el10.x86_64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
el10.aarch64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
d12.x86_64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
d12.aarch64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
d13.x86_64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
d13.aarch64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
u22.x86_64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
u22.aarch64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
u24.x86_64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
u24.aarch64
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4
PIGSTY 1.0.4

Source

Repository
github.com/arkhipov/acl
Source Tarball
acl-1.0.4.tar.gz
pig build pkg pg_acl;		# build rpm/deb

Install

Make sure PGDG and PIGSTY repo available:

pig repo add pgsql -u   # add both repo and update cache

Install this extension with pig:

pig install pg_acl;		# install via package name, for the active PG version
pig install acl;		# install by extension name, for the current active PG version

pig install acl -v 18;   # install for PG 18
pig install acl -v 17;   # install for PG 17
pig install acl -v 16;   # install for PG 16
pig install acl -v 15;   # install for PG 15
pig install acl -v 14;   # install for PG 14

Create this extension with:

CREATE EXTENSION acl;

Usage

acl: access control list data type for PostgreSQL

The acl extension provides Access Control List types for row-level security based on application users, without requiring separate database accounts.

CREATE EXTENSION acl;

Data Types

  • ace: Standard role-based ACE using PostgreSQL OIDs
  • ace_int4: ACE with 32-bit integer identifiers
  • ace_int8: ACE with 64-bit integer identifiers
  • ace_uuid: ACE with UUID identifiers

ACLs are stored as PostgreSQL arrays of ACE types (e.g., ace[]).

ACE Format 

[type]/[flags]/[who]=[mask]
  • Type: a (allow) or d (deny)
  • Flags: i (inherit only), o (object inherit), c (container inherit), p (no propagate), h (inherited)
  • Who: Role name, OID, integer, UUID, or "" (everyone)
  • Permissions: r (read), w (write), d (delete), c (read ACL), s (write ACL), plus 16 custom permissions (0-F)

Checking Permissions 

-- Check current user's access
SELECT acl_check_access(acl_column, 'rw', false) FROM my_table;

-- Check specific role
SELECT acl_check_access(acl_column, 'r', 'username'::name, false);

-- Check custom int4 roles
SELECT acl_check_access(acl_column, 'rw', ARRAY[1001, 1002]::int4[], false);

ACL Inheritance 

-- Compute child ACL from parent
SELECT acl_merge(parent_acl, child_acl, true, true);

Row-Level Security Example 

CREATE TABLE file_system (
    id   int PRIMARY KEY,
    name text,
    acl  ace[]
);

ALTER TABLE file_system ENABLE ROW LEVEL SECURITY;

CREATE POLICY read_policy ON file_system FOR SELECT TO PUBLIC
    USING (acl_check_access(acl, 'r', false) = 'r');

CREATE POLICY write_policy ON file_system FOR UPDATE TO PUBLIC
    USING (acl_check_access(acl, 'w', false) = 'w');
Last updated on
emailaddrdebversion