Stephen Frost wrote:
> I don't have time right at the moment (leaving shortly and will be gone
> all weekend) but what I would do is check the SQL standard, especially
> the information schema, for any requirement to track the grantor. Much
> of what I did was based on the standard so that may have been the
> instigation for tracking grantor.
Hmm. I had forgotten the information schema. I just checked: the only
view using pg_auth_members is APPLICABLE_ROLES, and that one doesn't
display the grantor column.
> Though, even without that, we track
> the grantor of most other grants (possibly all currently?) and it seems
> like a useful bit of information for DBAs to be able to know who granted
> what to whom.
I note that the grantor of ACLs are listed separately, for example in
COLUMN_PRIVILEGES, ROLE_COLUMN_GRANTS, etc.
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.