Re: user creation time for audit

From: Julien Rouhaud <rjuju123(at)gmail(dot)com>
To: Vijaykumar Jain <vijaykumarjain(dot)github(at)gmail(dot)com>
Cc: "Boyapalli, Kousal" <Kousal(dot)Boyapalli(dot)ext(at)uniper(dot)energy>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: user creation time for audit
Date: 2021-08-30 10:23:00
Message-ID: CAOBaU_YYfR1zzVzzhpikxQk1kw7bc1+EXtQuAdY=PSwQRRaiOQ@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Mon, Aug 30, 2021 at 5:24 PM Vijaykumar Jain
<vijaykumarjain(dot)github(at)gmail(dot)com> wrote:
>
> On Mon, 30 Aug 2021 at 14:39, Julien Rouhaud <rjuju123(at)gmail(dot)com> wrote:
>>
>>
>> The easy way around that is to track those events yourself with the
>> rules that suit your needs, which can be done easily using an event
>> trigger.
>
>
> Please correct me if I am missing anything, but the doc said, event triggers are not allowed on global objects.
> PostgreSQL: Documentation: 13: 39.2. Event Trigger Firing Matrix

Ah right, sorry about that.

> Anyways, I think the options were using external mechanisms to role audits, or pgaudit via statement logging ?

You could also periodically check for new user creation, or write a
dedicated module using ProcessUtility_hook which could allow you to do
something for each CREATE/DROP/ALTER ROLE (or any other utility
statement).

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Mario Emmenlauer 2021-08-30 10:53:54 lib and share are installed differently, but why?
Previous Message Vijaykumar Jain 2021-08-30 09:23:52 Re: user creation time for audit