--- On Mon, 30/11/09, Thom Brown <thombrown(at)gmail(dot)com> wrote:
> As far as I am aware, there is no way to tell when a
> user/role was granted permissions or had permissions
> revoked, or who made these changes. I'm wondering if
> it would be useful for security auditing to maintain a
> history of permissions changes only accessible to
> superusers?
I'd have thought you could keep track of this in the logs by setting log_statement >= ddl ?
I'm pretty sure this is a feature that's not wanted, but the ability to add triggers to these sorts of events would surely make more sense than a specific auditing capability.