Home > mailing lists

Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL - Mailing list pgsql-admin

From	Kevin Grittner
Subject	Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL
Date	March 14, 2012 14:03:19
Msg-id	4F605EB80200002500046293@gw.wicourts.gov Whole thread Raw
In response to	Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL (Khangelani Gama <kgama@argility.com>)
List	pgsql-admin

Tree view

Khangelani Gama <kgama@argility.com> wrote:

> the issue we have is that we have many Linux users having root
> access into the system.

Which gives them rights to impersonate any other user on the system
and to erase any audit trail written on that system.

> Auditors wants PostgreSQL to tell who updated what inside the
> database

You might be able to create something which looks plausible without
solving the first problem, but it wouldn't be at all trustworthy.
Consider limiting access to root on your database servers and, in
general, pay attention to the concept of "separation of duties"[1].

-Kevin

[1] http://en.wikipedia.org/wiki/Separation_of_duties

pgsql-admin by date:

From: Scott Ribe
Date: 14 March 2012, 13:40:04
Subject: Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL

From: David Ondrejik
Date: 14 March 2012, 15:01:40
Subject: Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL

Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL - Mailing list pgsql-admin

Previous

Next