I can see the usefulness of this concept from a "Data Security" point of
At one place I worked, it was known one of the marketing people had a
reputation of gathering customer details before leaving a job, just so
he had something to bargain a pay increase with for his next job. Don't
know why people hire a guy like that (I wouldn't), but these people
It should definitely be optional, and if not turned on for an object I
don't think it should have an associated noticable performance penalty.
My thought is useful, but not sure how urgent when compared to other
Gavin Sherry wrote:
> Hi all,
> I've been thinking implementing auditing for Postgres 7.3 and wanted to
> see if anyone had any thoughts about it.
> Auditing would allow a user to log queries executed upon different
> 'schema' objects - I use the loose sense of the word here. The user would
> be able to define the type of query - insert, delete, etc - as well as
> choose to log only those queries which were successful or otherwise.
> The superuser would be able to audit unprivileged users. Unprivileged
> users would only be able to produce an audit trail upon objects which
> he/she owns or has been granted audit privileges to.
> The audit trail would be written either to a new internal system table,
> pg_audit, or optionally a file on the file system. I imagine that an
> external program would also be needed to read/dump the audit trail.
> So what would an audit trail consist of?
> query type
> query result (successful|unsuccessful)
> audit object oid
> I haven't really thought about this too hard just yet but thought I'd see
> if people considered this to be a useful addition to Postgres or not, or
> if I was going about this the wrong way.
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
In response to
pgsql-hackers by date
|Next:||From: Henshall, Stuart - WCP||Date: 2002-01-23 11:03:16|
|Subject: Re: RFD: schemas and different kinds of Postgres objects |
|Previous:||From: Gavin Sherry||Date: 2002-01-23 10:18:57|
|Subject: Auditing and Postgres 7.3|