diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml
index c63252ca247..330fd79b219 100644
--- a/doc/src/sgml/ref/grant.sgml
+++ b/doc/src/sgml/ref/grant.sgml
@@ -156,12 +156,22 @@ GRANT role_name [, ...] TO
PostgreSQL grants default privileges on some types of objects to
PUBLIC. No privileges are granted to
- PUBLIC by default on tables,
- columns, schemas or tablespaces. For other types, the default privileges
+ PUBLIC by default on
+ tables,
+ table columns,
+ sequences,
+ foreign data wrappers,
+ foreign servers,
+ large objects,
+ schemas,
+ or tablespaces.
+ For other types of objects, the default privileges
granted to PUBLIC are as follows:
- CONNECT and CREATE TEMP TABLE for
- databases; EXECUTE privilege for functions; and
- USAGE privilege for languages.
+ CONNECT and TEMPORARY (create
+ temporary tables) privileges for databases;
+ EXECUTE privilege for functions; and
+ USAGE privilege for languages and data types
+ (including domains).
The object owner can, of course, REVOKE
both default and expressly granted privileges. (For maximum
security, issue the REVOKE in the same transaction that
diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c
index 2efb6c94e11..853561bb26d 100644
--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@@ -722,7 +722,9 @@ hash_aclitem(PG_FUNCTION_ARGS)
* acldefault() --- create an ACL describing default access permissions
*
* Change this routine if you want to alter the default access policy for
- * newly-created objects (or any object with a NULL acl entry).
+ * newly-created objects (or any object with a NULL acl entry). When
+ * you make a change here, don't forget to update the GRANT man page,
+ * which explains all the default permissions.
*
* Note that these are the hard-wired "defaults" that are used in the
* absence of any pg_default_acl entry.