audit trail for viewed data

I have been asked to investigate creating an "audit trail" for viewed data. Essentially we have a requirement of "who saw what and when" (something similar to 'select' triggers and yes I know those don't exist and why). So far the who and when are easy but I haven't been able to track what was returned in the data set.

My first pass attempt at a solution was to use a set returning function that inserted to the audit trail and then I would revoke select from the base table and use security definer on the function to do the select. I tried something similar to the following:

create table a as select i as id from generate_series(1, 5000) as i;

create table b as select i as id from generate_series(4000, 7500) as i;

create table audit ( id integer, accessed timestamp with time zone, user_name text );

create function b_select(_user_name text) returns table(id integer) as '
-- not sure what to use here for id because it does not seem like anything is in scope
insert into audit (id, accessed, user_name)
values (NULL, now(), $1);
select * from b;' language sql;

select *
from a
inner join b_select('test') using (id)
where b_select.id < 4250;

-- I was hoping this would return the 250 records viewed
select * from audit;

I'm sure this has to do with the function not knowing anything about the join inclusion/exclusion nor the where clause, but I'm wondering if this is a problem that anyone else has experienced in the past. Is there a way to do this at the database level or do we need to try to build something into the application to do the tracking?

Thanks in advance.

________________________________

Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error.