Skip site navigation (1) Skip section navigation (2)

Re: Feature request: permissions change history for auditing

From: Glyn Astill <glynastill(at)yahoo(dot)co(dot)uk>
To: pgsql-hackers(at)postgresql(dot)org, Thom Brown <thombrown(at)gmail(dot)com>
Subject: Re: Feature request: permissions change history for auditing
Date: 2009-11-30 12:38:58
Message-ID: 114000.9747.qm@web23605.mail.ird.yahoo.com (view raw or flat)
Thread:
Lists: pgsql-hackers
--- On Mon, 30/11/09, Thom Brown <thombrown(at)gmail(dot)com> wrote:

> As far as I am aware, there is no way to tell when a
> user/role was granted permissions or had permissions
> revoked, or who made these changes.  I'm wondering if
> it would be useful for security auditing to maintain a
> history of permissions changes only accessible to
> superusers?

I'd have thought you could keep track of this in the logs by setting log_statement >= ddl ?

I'm pretty sure this is a feature that's not wanted, but the ability to add triggers to these sorts of events would surely make more sense than a specific auditing capability.


      

In response to

Responses

pgsql-hackers by date

Next:From: Joachim WielandDate: 2009-11-30 13:14:17
Subject: Re: Listen / Notify - what to do when the queue is full
Previous:From: Thom BrownDate: 2009-11-30 12:29:57
Subject: Feature request: permissions change history for auditing

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group