On 14 October 2014 13:57, Stephen Frost <sfr...@snowman.net> wrote: > Create an 'audit' role. > > Every command run by roles which are granted to the 'audit' role are > audited. > > Every 'select' against tables which the 'audit' role has 'select' rights > on are audited. Similairly for every insert, update, delete.
I think that's a good idea. We could have pg_audit.roles = 'audit1, audit2' so users can specify any audit roles they wish, which might even be existing user names. That is nice because it allows multiple completely independent auditors to investigate whatever they choose without discussing with other auditors. -- Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers