Re: pgaudit - an auditing extension for PostgreSQL

On 14 October 2014 13:57, Stephen Frost <sfrost@snowman.net> wrote:

> Create an 'audit' role.
>
> Every command run by roles which are granted to the 'audit' role are
> audited.
>
> Every 'select' against tables which the 'audit' role has 'select' rights
> on are audited.  Similairly for every insert, update, delete.

I think that's a good idea.

We could have pg_audit.roles = 'audit1, audit2'
so users can specify any audit roles they wish, which might even be
existing user names.

That is nice because it allows multiple completely independent
auditors to investigate whatever they choose without discussing with
other auditors.

-- Simon Riggs                   http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services