| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
| Cc: | Abhijit Menon-Sen <ams(at)2ndquadrant(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Ian Barwick <ian(at)2ndquadrant(dot)com> |
| Subject: | Re: pgaudit - an auditing extension for PostgreSQL |
| Date: | 2014-10-14 19:20:33 |
| Message-ID: | 20141014192032.GC28859@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Simon Riggs (simon(at)2ndQuadrant(dot)com) wrote:
> On 14 October 2014 13:57, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>
> > Create an 'audit' role.
> >
> > Every command run by roles which are granted to the 'audit' role are
> > audited.
> >
> > Every 'select' against tables which the 'audit' role has 'select' rights
> > on are audited. Similairly for every insert, update, delete.
>
> I think that's a good idea.
>
> We could have pg_audit.roles = 'audit1, audit2'
> so users can specify any audit roles they wish, which might even be
> existing user names.
Agreed.
> That is nice because it allows multiple completely independent
> auditors to investigate whatever they choose without discussing with
> other auditors.
Yes, also a good thought.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Abhijit Menon-Sen | 2014-10-14 19:33:55 | Re: pgaudit - an auditing extension for PostgreSQL |
| Previous Message | Simon Riggs | 2014-10-14 19:09:50 | Re: pgaudit - an auditing extension for PostgreSQL |