The catalog pg_default_acl stores initial privileges to be assigned to newly created objects.
Table 45-16. pg_default_acl Columns
|defaclrole||oid||pg_authid.oid||The OID of the role associated with this entry|
|defaclnamespace||oid||pg_namespace.oid||The OID of the namespace associated with this entry, or 0 if none|
|defaclobjtype||char||Type of object this entry is for: r = relation (table, view), S = sequence, f = function|
|defaclacl||aclitem||Access privileges that this type of object should have on creation|
A pg_default_acl entry shows the initial privileges to be assigned to an object belonging to the indicated user. There are currently two types of entry: "global" entries with defaclnamespace = 0, and "per-schema" entries that reference a particular schema. If a global entry is present then it overrides the normal hard-wired default privileges for the object type. A per-schema entry, if present, represents privileges to be added to the global or hard-wired default privileges.
Note that when an ACL entry in another catalog is null, it is taken to represent the hard-wired default privileges for its object, not whatever might be in pg_default_acl at the moment. pg_default_acl is only consulted during object creation.