* Simon Riggs (simon@2ndQuadrant.com) wrote:
> On 27 December 2014 at 08:47, Abhijit Menon-Sen <ams@2ndquadrant.com> wrote:
>
> > But there's no way to say *don't* audit select on foo by simon.
>
> We can cover what it does and does not do in some doc examples.
>
> When submitted, pgaudit didn't have very complex auditing rules.
> Stephen's suggestion improves that considerably, but isn't the only
> conceivable logging rule. But we'll need to see what else is needed; I
> doubt we'll need everything, at least not in PG9.5
Agreed, it allows us much more flexibility, but it isn't a panacea. I'm
hopeful that it'll be flexibile enough for certain regulatory-required
use-cases. In any case, it's much closer and is certainly worthwhile
even if it doesn't allow for every possible configuration or ends up not
meeting specific regulatory needs because it moves us to a place where
we can sensibly consider "what else is needed?"
Thanks,
Stephen