When an object is created, it is assigned an owner. The owner is normally the role that
executed the creation statement. For most kinds of objects, the initial state is that only the
owner (or a superuser) can do anything with the object. To allow other roles to use it, privileges
must be granted. There are several different kinds of privilege: SELECT, INSERT, UPDATE, DELETE,
TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE.
To assign, modify and remove model objects' privileges, the
ACL Manager is used.
ACL stands for "Access Control List". We will use this term along with "Priveleges" term.
The special name PUBLIC can be used to grant a privilege to every role on the system.
The special privileges of an object's owner (i.e., the right to modify or destroy the object) are always
implicit in being the owner, and cannot be granted or revoked. But the owner can choose to revoke his own
ordinary privileges, for example to make a table read-only for himself as well as others.