diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml
index edc9be92a6..c81e5aa1b4 100644
--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@@ -16829,6 +16829,151 @@ SELECT has_function_privilege('joeuser', 'myfunc(int, text)', 'execute');
be specified by name or by OID.
+
+ shows functions to
+ manage the aclitem type, the internal representation of access
+ privileges.
+ An aclitem entry describes the permissions of a grantee,
+ whether they are grantable or not, and which grantor granted them.
+ For instance, calvin=r*w/hobbes tells that
+ role calvin has
+ grantable privilege SELECT (r*)
+ and non-grantable privilege UPDATE (w)
+ granted by role hobbes.
+ An empty grantee stands for PUBLIC.
+
+
+
+ <type>aclitem</type> Management Functions
+
+
+ Name Return Type Description
+
+
+
+ aclcontains(acls, acl)
+ boolean
+ tell whether privilege acl is contained within acls
+
+
+ acldefault(type,
+ oid)
+ aclitem[]
+ default hardcoded access privileges for an object belonging to oid
+
+
+ aclexplode(acls)
+ setof record
+ show aclitem array acls as tuples
+
+
+ aclinsert(acls, acl)
+ aclitem[]
+ add acl to acls
+
+
+ aclitemeq(acl1, acl2)
+ boolean
+ tell whether two aclitems are equal
+
+
+ aclitemin(cstring)
+ aclitem
+ internal aclitem type input function
+
+
+ aclitemout(acl)
+ cstring
+ internal aclitem type output function
+
+
+ aclremove(acls, acl)
+ aclitem[]
+ remove acl from acls
+
+
+ hash_aclitem(acl)
+ int
+ internal aclitem hashing function
+
+
+ makeaclitem(grantee, grantor, privilege, grantable)
+ aclitem
+ build an aclitem from input
+
+
+
+
+
+
+ aclitem
+
+
+ aclcontains
+
+
+ aclinsert
+
+
+ aclremove
+
+
+ acldefault
+
+
+ aclexplode
+
+
+ makeaclitem
+
+
+
+ acldefault returns the hardcoded default access privileges
+ for an object of type belonging to role oid.
+ Type is a CHAR, use
+ 'c' for COLUMN,
+ 'r' for relation-like objects such as TABLE or VIEW,
+ 's' for SEQUENCE,
+ 'd' for DATABASE,
+ 'f' for FUNCTION or PROCEDURE,
+ 'l' for LANGUAGE,
+ 'L' for LARGE OBJECT,
+ 'n' for SCHEMA,
+ 't' for TABLESPACE,
+ 'F' for FOREIGN DATA WRAPPER,
+ 'S' for FOREIGN SERVER,
+ 'T' for TYPE or DOMAIN.
+ Default access privileges are described in
+ and can be overwritten with
+ .
+
+
+
+ aclexplode shows a set of record describing
+ aclitem array acls.
+ Output columns are grantor oid,
+ grantee OID (0 for PUBLIC),
+ granted privilege as text (SELECT, ...)
+ and whether the prilivege is grantable as boolean.
+ makeaclitem performs the inverse operation.
+
+
+
+ aclinsert, aclremove and
+ aclcontains allow to insert/remove/check whether
+ a privilege described by an aclitem
+ into/from/is contained by an array of aclitem.
+
+
+
+ aclitemin,
+ aclitemout,
+ aclitemeq and
+ hash_aclitem
+ are internal functions to input, output, compare and hash
+ an aclitem.
+
+
shows functions that
determine whether a certain object is visible in the