Re: Adding ddl audit trigger

From: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
To: El Co <lc4od(at)yahoo(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Adding ddl audit trigger
Date: 2011-01-27 07:45:52
Message-ID: AANLkTimPXTs0TFce_DkAbSYNUYyJEZu5Z4m6wOPvTa9p@mail.gmail.com
Lists: pgsql-general

Hello

2011/1/26 El Co <lc4od(at)yahoo(dot)com>:
> Trying to get some DDL auditing in a development environment by adding
> triggers to pg_proc, pg_class, pg_type, pg_trigger and getting the following
> error:
>
> ERROR: permission denied: "pg_proc" is a system catalog
> SQL state: 42501
>
> Is there any way to achieve DDL auditing in Postgres and trace any
> new/dropped/changed object into a table?
>

No, there isn't.

> All I need is to at least be able to save a userid (current_user),
> timestamp, action, and the name of the object and this could be done easily
> by adding triggers to these pg catalogs.
>

You can't do this at the PostgreSQL level. Probably you can revoke the
rights to DDL ops. Then you are sure that nobody will do any DDL op.
The next step can be a custom procedure in PL/pgSQL with the security definer
right that can do DDL via dynamic SQL. This procedure can trace the
info to a log. A user can use DDL via this procedure.

Regards

Pavel Stehule
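
One way to implement the approach described in the reply above, as an added example that is not part of the original message. The schema, table, function and role names (`audit`, `app`, `ddl_log`, `run_ddl`, `dev_team`) are assumptions, and the script is assumed to be run by a non-superuser role that owns schema `app`.

```sql
-- Added example; all schema, table, function and role names are hypothetical.
CREATE SCHEMA audit;

CREATE TABLE audit.ddl_log (
    id          bigserial   PRIMARY KEY,
    executed_at timestamptz NOT NULL DEFAULT now(),
    -- Inside a SECURITY DEFINER function current_user is the function
    -- owner, so the caller has to be recorded from session_user.
    executed_by name        NOT NULL DEFAULT session_user,
    statement   text        NOT NULL
);

-- Runs with the privileges of the role that creates it. Keep that role a
-- non-superuser: every caller can execute any statement the owner may run.
CREATE FUNCTION audit.run_ddl(p_statement text) RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER
-- Pin the search path so a caller cannot redirect unqualified names;
-- pg_temp goes last.
SET search_path = app, pg_temp
AS $$
BEGIN
    -- The log row and the DDL share one transaction: if the statement
    -- fails, the row is rolled back, so only successful DDL is recorded.
    INSERT INTO audit.ddl_log (statement) VALUES (p_statement);
    EXECUTE p_statement;
END;
$$;

-- Functions are executable by PUBLIC by default; restrict that first.
REVOKE ALL ON FUNCTION audit.run_ddl(text) FROM PUBLIC;
GRANT USAGE ON SCHEMA audit TO dev_team;
GRANT EXECUTE ON FUNCTION audit.run_ddl(text) TO dev_team;
-- No privileges are granted on audit.ddl_log, so callers cannot edit the log.

-- Remove the direct DDL path. Objects created through the function are
-- owned by the function owner, so dev_team cannot ALTER or DROP them directly.
REVOKE CREATE ON SCHEMA app FROM PUBLIC, dev_team;

-- A member of dev_team then creates objects through the function:
SELECT audit.run_ddl('CREATE TABLE app.customer (id integer PRIMARY KEY)');
```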
