| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Abhijit Menon-Sen <ams(at)2ndquadrant(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Ian Barwick <ian(at)2ndquadrant(dot)com> |
| Subject: | Re: pgaudit - an auditing extension for PostgreSQL |
| Date: | 2014-10-14 19:09:50 |
| Message-ID: | CA+U5nMJzE_hmagyPyNhpQiuq2DSK+GJs2CAWgfoo3KJYajsWkQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 14 October 2014 13:57, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> Create an 'audit' role.
>
> Every command run by roles which are granted to the 'audit' role are
> audited.
>
> Every 'select' against tables which the 'audit' role has 'select' rights
> on are audited. Similairly for every insert, update, delete.
I think that's a good idea.
We could have pg_audit.roles = 'audit1, audit2'
so users can specify any audit roles they wish, which might even be
existing user names.
That is nice because it allows multiple completely independent
auditors to investigate whatever they choose without discussing with
other auditors.
--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2014-10-14 19:20:33 | Re: pgaudit - an auditing extension for PostgreSQL |
| Previous Message | Merlin Moncure | 2014-10-14 18:36:57 | Re: Wait free LW_SHARED acquisition - v0.9 |