| From: | Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Abhijit Menon-Sen <ams(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, MauMau <maumau307(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Ian Barwick <ian(at)2ndquadrant(dot)com> |
| Subject: | Re: pgaudit - an auditing extension for PostgreSQL |
| Date: | 2015-01-23 20:11:34 |
| Message-ID: | 54C2AAF6.4060508@BlueTreble.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 1/23/15 12:16 PM, Stephen Frost wrote:
> Just to clarify- this concept isn't actually mine but was suggested by a
> pretty sizable PG user who has a great deal of familiarity with other
> databases. I don't mean to try and invoke the 'silent majority' but
> rather to make sure folks don't think this is my idea alone or that it's
> only me who thinks it makes sense.:) Simon had weighed in earlier
> with, iirc, a comment that he thought it was a good approach also,
> though that was a while ago and things have changed.
I know there's definitely demand for auditing. I'd love to see us support it.
> I happen to like the idea specifically because it would allow regular
> roles to change the auditing settings (no need to be a superuser or to
> be able to modify postgresql.conf/postgresql.auto.conf)
Is there really a use case for non-superusers to be able to change auditing config? That seems like a bad idea.
Also, was there a solution to how to configure auditing on specific objects with a role-based mechanism? I think we really do need something akin to role:action:object tuples, and I don't see how to do that with roles alone.
BTW, I'm starting to feel like this needs a wiki page to get the design pulled together.
--
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2015-01-23 20:15:15 | Re: pgaudit - an auditing extension for PostgreSQL |
| Previous Message | Andrew Dunstan | 2015-01-23 20:10:05 | Re: Perl coding error in msvc build system? |