Alvaro Herrera <alvhe...@alvh.no-ip.org> writes:
> On 2021-Jul-26, Tom Lane wrote:
>> Uh, why not? If you own the trigger, you can drop it, so why shouldn't
>> you be able to temporarily disable it?
> I think an auditing system that can be turned off by the audited user is
> pretty much useless. Or did I misunderstood what you are suggesting?
For auditing purposes, you make a trusted role that owns the trigger,
and is a member of the roles whose actions are to be audited (but NOT
vice versa). I think that any idea that the auditing role doesn't
need to be trusted that much is foolhardy. What we can buy here is
not requiring the auditing role to be full superuser ... assuming that
you don't need auditing of superusers.
regards, tom lane
