On Fri, Feb 19, 2016 at 11:20:13AM -0500, David Steele wrote:
> On 2/19/16 10:54 AM, Alvaro Herrera wrote:
> > Bruce Momjian wrote:
> >
> >> Understood. My point is that there is a short list of read events, and
> >> many DDL events. We have already hesitated to record DDL changes for
> >> logical replication because of the code size, maintenance overhead, and
> >> testing required.
> >
> > DDL is already captured using the event triggers mechanism (which is
> > what it was invented for in the first place). The only thing we don't
> > have is a hardcoded mechanism to transform it from C struct format to
> > SQL language.
>
> Since DDL event triggers only cover database-level DDL they miss a lot
> that is very important to auditing, e.g. CREATE/ALTER/DROP ROLE,
> GRANT/REVOKE, CREATE/ALTER/DROP DATABASE, etc.
Well, we need to enhance them then.
> I would like to see a general mechanism that allows event triggers,
> logical replication, and audit to all get the information they need
> without them being tied to each other directly.
I think the reporting of DDL would be produced in a way that could be
used by auditing or logical replication, as I already stated.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +