On Tue, Jan 20, 2015 at 5:03 PM, Jim Nasby <Jim.Nasby@bluetreble.com> wrote:
> +1. In particular I'm very concerned with the idea of doing this via roles,
> because that would make it trivial for any superuser to disable auditing.
> The only good option I could see to provide this kind of flexibility would
> be allowing the user to provide a function that accepts role, object, etc
> and make return a boolean. The performance of that would presumably suck
> with anything but a C function, but we could provide some C functions to
> handle simple cases.
>
> That said, I think the best idea at this stage is either log everything or
> nothing. We can always expand upon that later.
I think this is throwing the baby out with the bathwater. Neither C
functions nor all-or-nothing are going to be of any practical use.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
