Yeb, * Yeb Havinga (yebhavi...@gmail.com) wrote: > On 20/01/15 23:03, Jim Nasby wrote:> On 1/20/15 2:20 PM, Robert Haas wrote: > > +1. In particular I'm very concerned with the idea of doing this via > > roles, because that would make it trivial for any superuser to disable > > auditing. > > Rejecting the audit administration through the GRANT system, on the > grounds that it easy for the superuser to disable it, seems unreasonable > to me, since superusers are different from non-superusers in a > fundamental way.
Agreed. > The patch as it is, is targeted at auditing user/application level > access to the database, and as such it matches the use case of auditing > user actions. Right, and that's a *very* worthwhile use-case. > Auditing superuser access means auditing beyond the running database. Exactly! :) Thanks! Stephen
signature.asc
Description: Digital signature