Skip site navigation (1) Skip section navigation (2)

Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL

From: "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov>
To: "Khangelani Gama" <kgama(at)argility(dot)com>, <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL
Date: 2012-03-14 14:02:48
Message-ID: 4F605EB80200002500046293@gw.wicourts.gov (view raw or flat)
Thread:
Lists: pgsql-admin
Khangelani Gama <kgama(at)argility(dot)com> wrote:
 
> the issue we have is that we have many Linux users having root
> access into the system.
 
Which gives them rights to impersonate any other user on the system
and to erase any audit trail written on that system.
 
> Auditors wants PostgreSQL to tell who updated what inside the
> database
 
You might be able to create something which looks plausible without
solving the first problem, but it wouldn't be at all trustworthy. 
Consider limiting access to root on your database servers and, in
general, pay attention to the concept of "separation of duties"[1].
 
-Kevin
 
[1] http://en.wikipedia.org/wiki/Separation_of_duties

In response to

pgsql-admin by date

Next:From: David OndrejikDate: 2012-03-14 15:01:20
Subject: Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL
Previous:From: Scott RibeDate: 2012-03-14 13:39:39
Subject: Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group