diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 7abf3c2a74..1d13e2119b 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -2049,8 +2049,32 @@ ExecGrant_Relation(InternalGrant *istmt)
 
 			CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
-			/* Update initial privileges for extensions */
-			recordExtensionInitPriv(relOid, RelationRelationId, 0, new_acl);
+			/*
+			 * Update initial privileges for extensions. We need to avoid the
+			 * default privileges as they don't come from the extension init
+			 * script.
+			 */
+			if (creating_extension)
+			{
+				Acl		   *new_init_priv_acl;
+				Acl		   *old_init_priv_acl;
+
+				if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
+					old_init_priv_acl = acldefault(OBJECT_SEQUENCE, ownerId);
+				else
+					old_init_priv_acl = acldefault(OBJECT_TABLE, ownerId);
+
+				new_init_priv_acl = merge_acl_with_grant(old_init_priv_acl,
+														 istmt->is_grant,
+														 istmt->grant_option,
+														 istmt->behavior,
+														 istmt->grantees,
+														 this_privileges,
+														 grantorId, ownerId);
+				recordExtensionInitPriv(relOid, RelationRelationId, 0,
+										new_init_priv_acl);
+				pfree(new_init_priv_acl);
+			}
 
 			/* Update the shared dependency ACL info */
 			updateAclDependencies(RelationRelationId, relOid, 0,
@@ -2251,8 +2275,22 @@ ExecGrant_common(InternalGrant *istmt, Oid classid, AclMode default_privs,
 		CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
 		/* Update initial privileges for extensions */
-		recordExtensionInitPriv(objectid, classid, 0, new_acl);
-
+		if (creating_extension)
+		{
+			Acl		   *old_init_privs_acl;
+			Acl		   *new_init_privs_acl;
+
+			old_init_privs_acl = acldefault(get_object_type(classid, objectid), ownerId);
+			new_init_privs_acl = merge_acl_with_grant(old_init_privs_acl,
+													  istmt->is_grant,
+													  istmt->grant_option,
+													  istmt->behavior,
+													  istmt->grantees,
+													  this_privileges,
+													  grantorId, ownerId);
+			recordExtensionInitPriv(objectid, classid, 0, new_init_privs_acl);
+			pfree(new_init_privs_acl);
+		}
 		/* Update the shared dependency ACL info */
 		updateAclDependencies(classid,
 							  objectid, 0,
@@ -2403,7 +2441,20 @@ ExecGrant_Largeobject(InternalGrant *istmt)
 		CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
 		/* Update initial privileges for extensions */
-		recordExtensionInitPriv(loid, LargeObjectRelationId, 0, new_acl);
+		if (creating_extension)
+		{
+			Acl		   *new_init_priv_acl;
+
+			new_init_priv_acl = merge_acl_with_grant(acldefault(OBJECT_LARGEOBJECT, ownerId),
+													 istmt->is_grant,
+													 istmt->grant_option,
+													 istmt->behavior,
+													 istmt->grantees,
+													 this_privileges,
+													 grantorId, ownerId);
+			recordExtensionInitPriv(loid, LargeObjectRelationId, 0, new_init_priv_acl);
+			pfree(new_init_priv_acl);
+		}
 
 		/* Update the shared dependency ACL info */
 		updateAclDependencies(LargeObjectRelationId,
@@ -2573,9 +2624,22 @@ ExecGrant_Parameter(InternalGrant *istmt)
 			CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 		}
 
-		/* Update initial privileges for extensions */
-		recordExtensionInitPriv(parameterId, ParameterAclRelationId, 0,
-								new_acl);
+		if (creating_extension)
+		{
+			Acl		   *new_init_priv_acl;
+
+			new_init_priv_acl = merge_acl_with_grant(acldefault(istmt->objtype, ownerId),
+													 istmt->is_grant,
+													 istmt->grant_option,
+													 istmt->behavior,
+													 istmt->grantees,
+													 this_privileges,
+													 grantorId, ownerId);
+			/* Update initial privileges for extensions */
+			recordExtensionInitPriv(parameterId, ParameterAclRelationId, 0,
+									new_init_priv_acl);
+			pfree(new_init_priv_acl);
+		}
 
 		/* Update the shared dependency ACL info */
 		updateAclDependencies(ParameterAclRelationId, parameterId, 0,