Simon, * Simon Riggs (si...@2ndquadrant.com) wrote: > On 31 July 2014 22:34, Stephen Frost <sfr...@snowman.net> wrote: > > There was a pretty good thread regarding reloptions and making it so > > extensions could use them which seemed to end up with a proposal to turn > > 'security labels' into a more generic metadata capability. Using that > > kind of a mechanism would at least address one of my concerns about > > using reloptions (specifically that they're specific to relations and > > don't account for the other objects in the system). Unfortunately, the > > flexibility desired for auditing is more than just "all actions of this > > role" or "all actions on this table" but also "actions of this role on > > this table", which doesn't fit as well. > > Yes, there is a requirement, in some cases, for per role/relation > metadata. Grant and ACLs are a good example. > > I spoke with Robert about a year ago that the patch he was most proud > of was the reloptions abstraction. Whatever we do in the future, > keeping metadata in a slightly more abstract form is very useful.
Agreed. > I hope we can get pgAudit in as a module for 9.5. I also hope that it > will stimulate the requirements/funding of further work in this area, > rather than squash it. My feeling is we have more examples of feature > sets that grow over time (replication, view handling, hstore/JSONB > etc) than we have examples of things languishing in need of attention > (partitioning). I've come around to this also (which I think I commented on previously..), as it sounds like the upgrade concerns I was worried about can be addressed, and having pgAudit would certainly be better than not having any kind of auditing support. Thanks, Stephen
signature.asc
Description: Digital signature