* Simon Riggs (simon@2ndQuadrant.com) wrote:
> On 14 October 2014 13:57, Stephen Frost <sfrost@snowman.net> wrote:
>
> > Create an 'audit' role.
> >
> > Every command run by roles which are granted to the 'audit' role are
> > audited.
> >
> > Every 'select' against tables which the 'audit' role has 'select' rights
> > on are audited. Similairly for every insert, update, delete.
>
> I think that's a good idea.
>
> We could have pg_audit.roles = 'audit1, audit2'
> so users can specify any audit roles they wish, which might even be
> existing user names.
Agreed.
> That is nice because it allows multiple completely independent
> auditors to investigate whatever they choose without discussing with
> other auditors.
Yes, also a good thought.
Thanks!
Stephen