Skip site navigation (1) Skip section navigation (2)

Re: Feature request: permissions change history for auditing

From: Thom Brown <thombrown(at)gmail(dot)com>
To: Glyn Astill <glynastill(at)yahoo(dot)co(dot)uk>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Feature request: permissions change history for auditing
Date: 2009-11-30 13:46:00
Message-ID: bddc86150911300546ubb70cb7h28bcee9c2a7aadce@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
2009/11/30 Glyn Astill <glynastill(at)yahoo(dot)co(dot)uk>

> --- On Mon, 30/11/09, Thom Brown <thombrown(at)gmail(dot)com> wrote:
>
> > As far as I am aware, there is no way to tell when a
> > user/role was granted permissions or had permissions
> > revoked, or who made these changes.  I'm wondering if
> > it would be useful for security auditing to maintain a
> > history of permissions changes only accessible to
> > superusers?
>
> I'd have thought you could keep track of this in the logs by setting
> log_statement >= ddl ?
>
> I'm pretty sure this is a feature that's not wanted, but the ability to add
> triggers to these sorts of events would surely make more sense than a
> specific auditing capability.
>
>
I concede your suggestion of the ddl log output.  I guess that could then be
filtered to obtain the necessary information.

Thanks

Thom

In response to

Responses

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2009-11-30 14:00:01
Subject: Re: Feature request: permissions change history for auditing
Previous:From: Simon RiggsDate: 2009-11-30 13:21:10
Subject: Re: Block-level CRC checks

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group