Thom Brown escreveu:
> As far as I am aware, there is no way to tell when a user/role was
> granted permissions or had permissions revoked, or who made these
> changes. I'm wondering if it would be useful for security auditing to
> maintain a history of permissions changes only accessible to superusers?
>
If the utility command hook patch is approved, it will be possible to track
commands rather than DML ones. In that case, it would be trivial to do some
extension that covers your audit concerns.
[1] https://commitfest.postgresql.org/action/patch_view?id=196
--
Euler Taveira de Oliveira
http://www.timbira.com/