At 2014-05-04 11:03:56 -0400, sfr...@snowman.net wrote: > > Another reloption is one option, or an extension on the ACL system > (for that piece of it), or we could make a new catalog for it (ala > pg_seclabel), or perhaps add it on to one (pg_seclabel but rename > it to pg_security..?).
I'll look into those possibilities, thanks. > Perhaps it could be a role-level permission instead of one which is > per-table, but I don't think this should be superuser-only. I like the idea of a role-level permission, or a (db,role)-level permission (i.e. "role x is auditor for database y"), but I don't feel I know enough about real-world auditing requirements to make an informed decision here. Ian did some research into how auditing is handled in other systems. He's on vacation right now, and I'm not sure how much detail his report has on this particular subject, but I'll have a look and try to present a summary soon. -- Abhijit -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
