2009/11/30 Glyn Astill <glynast...@yahoo.co.uk> > --- On Mon, 30/11/09, Thom Brown <thombr...@gmail.com> wrote: > > > As far as I am aware, there is no way to tell when a > > user/role was granted permissions or had permissions > > revoked, or who made these changes. I'm wondering if > > it would be useful for security auditing to maintain a > > history of permissions changes only accessible to > > superusers? > > I'd have thought you could keep track of this in the logs by setting > log_statement >= ddl ? > > I'm pretty sure this is a feature that's not wanted, but the ability to add > triggers to these sorts of events would surely make more sense than a > specific auditing capability. > > I concede your suggestion of the ddl log output. I guess that could then be filtered to obtain the necessary information.
Thanks Thom