Jim,
* Jim Nasby (Jim.Nasby@BlueTreble.com) wrote:
> When it comes to changing auditing settings, I think that needs to be very restrictive. Really, it should be more (or
differently)restrictive than SU, so that you can effectively audit your superusers with minimal worries about
superuserstampering with auditing.
I continue to be of the opinion that you're not going to be able to
effectively audit your superusers with any mechanism that resides inside
of the process space which superusers control. If you want to audit
superusers, you need something that operates outside of the postgres
process space. I'm certainly interested in that, but it's an orthogonal
discussion to anything we're talking about here.
Thanks,
Stephen