"John D. Burger" <john(at)mitre(dot)org> writes:
> How dangerous is it to UPDATE pg_class
> directly, perhaps copying the relacl column for a table that I've
> done by hand with GRANT.
You can do it, and it will seem to work. However, unless you also make
entries in pg_shdepend, bad things will happen if you later drop any of
the users mentioned in the ACL. Your code will also be vulnerable to
breakage in future releases if we change any of these details.
A better approach is to write a plpgsql function that assembles and
EXECUTEs the required GRANT commands.
regards, tom lane