Home > mailing lists

Re: pgaudit - an auditing extension for PostgreSQL - Mailing list pgsql-hackers

From	Stephen Frost
Subject	Re: pgaudit - an auditing extension for PostgreSQL
Date	October 14, 2014 22:20:39
Msg-id	20141014192032.GC28859@tamriel.snowman.net Whole thread Raw
In response to	Re: pgaudit - an auditing extension for PostgreSQL (Simon Riggs <simon@2ndQuadrant.com>)
List	pgsql-hackers

Tree view

* Simon Riggs (simon@2ndQuadrant.com) wrote:
> On 14 October 2014 13:57, Stephen Frost <sfrost@snowman.net> wrote:
>
> > Create an 'audit' role.
> >
> > Every command run by roles which are granted to the 'audit' role are
> > audited.
> >
> > Every 'select' against tables which the 'audit' role has 'select' rights
> > on are audited.  Similairly for every insert, update, delete.
>
> I think that's a good idea.
>
> We could have pg_audit.roles = 'audit1, audit2'
> so users can specify any audit roles they wish, which might even be
> existing user names.

Agreed.

> That is nice because it allows multiple completely independent
> auditors to investigate whatever they choose without discussing with
> other auditors.

Yes, also a good thought.
Thanks!
    Stephen

pgsql-hackers by date:

From: Simon Riggs
Date: 14 October 2014, 22:10:00
Subject: Re: pgaudit - an auditing extension for PostgreSQL

From: Abhijit Menon-Sen
Date: 14 October 2014, 22:34:06
Subject: Re: pgaudit - an auditing extension for PostgreSQL

Re: pgaudit - an auditing extension for PostgreSQL - Mailing list pgsql-hackers

Previous

Next