Home > mailing lists

Re: pgaudit - an auditing extension for PostgreSQL - Mailing list pgsql-hackers

From	Abhijit Menon-Sen
Subject	Re: pgaudit - an auditing extension for PostgreSQL
Date	December 18, 2014 16:16:26
Msg-id	20141218131615.GA26323@toroid.org Whole thread Raw
In response to	Re: pgaudit - an auditing extension for PostgreSQL (Stephen Frost <sfrost@snowman.net>)
Responses	Re: pgaudit - an auditing extension for PostgreSQL (Stephen Frost <sfrost@snowman.net>) Re: pgaudit - an auditing extension for PostgreSQL (Abhijit Menon-Sen <ams@2ndQuadrant.com>)
List	pgsql-hackers

Tree view

At 2014-12-16 13:28:07 -0500, sfrost@snowman.net wrote:
>
> The magic "audit" role has SELECT rights on a given table.  When any
> user does a SELECT against that table, ExecCheckRTPerms is called and
> there's a hook there which the module can use to say "ok, does the
> audit role have any permissions here?" and, if the result is yes, then
> the command is audited.

You're right, I did not understand that this is what you were proposing,
and this is not what the code does. I went back and read your original
description, and it seems I implemented only the subset I understood.

I'll look into changing the code sometime next week.

-- Abhijit

pgsql-hackers by date:

From: Torsten Zuehlsdorff
Date: 18 December 2014, 15:53:36
Subject: Re: Commitfest problems

From: Alvaro Herrera
Date: 18 December 2014, 16:23:20
Subject: Re: WIP patch for Oid formatting in printf/elog strings

Re: pgaudit - an auditing extension for PostgreSQL - Mailing list pgsql-hackers

Previous

Next