--- On Mon, 30/11/09, Thom Brown <thombrown(at)gmail(dot)com> wrote:
> As far as I am aware, there is no way to tell when a
> user/role was granted permissions or had permissions
> revoked, or who made these changes. I'm wondering if
> it would be useful for security auditing to maintain a
> history of permissions changes only accessible to
I'd have thought you could keep track of this in the logs by setting log_statement >= ddl ?
I'm pretty sure this is a feature that's not wanted, but the ability to add triggers to these sorts of events would surely make more sense than a specific auditing capability.
In response to
pgsql-hackers by date
|Next:||From: Joachim Wieland||Date: 2009-11-30 13:14:17|
|Subject: Re: Listen / Notify - what to do when the queue is full|
|Previous:||From: Thom Brown||Date: 2009-11-30 12:29:57|
|Subject: Feature request: permissions change history for auditing|