Re: pgaudit - an auditing extension for PostgreSQL

From: Abhijit Menon-Sen <ams(at)2ndQuadrant(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, MauMau <maumau307(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Ian Barwick <ian(at)2ndquadrant(dot)com>
Subject: Re: pgaudit - an auditing extension for PostgreSQL
Date: 2014-12-18 13:16:15
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

At 2014-12-16 13:28:07 -0500, sfrost(at)snowman(dot)net wrote:
> The magic "audit" role has SELECT rights on a given table. When any
> user does a SELECT against that table, ExecCheckRTPerms is called and
> there's a hook there which the module can use to say "ok, does the
> audit role have any permissions here?" and, if the result is yes, then
> the command is audited.

You're right, I did not understand that this is what you were proposing,
and this is not what the code does. I went back and read your original
description, and it seems I implemented only the subset I understood.

I'll look into changing the code sometime next week.

-- Abhijit

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Alvaro Herrera 2014-12-18 13:23:16 Re: WIP patch for Oid formatting in printf/elog strings
Previous Message Torsten Zuehlsdorff 2014-12-18 12:53:27 Re: Commitfest problems