Yeb,
* Yeb Havinga (yebhavinga@gmail.com) wrote:
> On 20/01/15 23:03, Jim Nasby wrote:> On 1/20/15 2:20 PM, Robert Haas wrote:
> > +1. In particular I'm very concerned with the idea of doing this via
> > roles, because that would make it trivial for any superuser to disable
> > auditing.
>
> Rejecting the audit administration through the GRANT system, on the
> grounds that it easy for the superuser to disable it, seems unreasonable
> to me, since superusers are different from non-superusers in a
> fundamental way.
Agreed.
> The patch as it is, is targeted at auditing user/application level
> access to the database, and as such it matches the use case of auditing
> user actions.
Right, and that's a *very* worthwhile use-case.
> Auditing superuser access means auditing beyond the running database.
Exactly! :)
Thanks!
Stephen