On 12/10/2015 12:56 PM, oleg yusim wrote:
> So what I want to accomplish is logging queries for roles/privileges
> with minimal increasing volume of logs along the way. The idea I got
> from responses in this thread so far is:
>
> 1) Set log_statement on postgresql.conf to 'mod'
> 2) Raise log_statement to 'all' but only for postgres superuser
>
> What seems to be open questions to me with this model:
>
> 1) Way to check what log_statement set to on per user basis (what table
> should I query?)
> 2) Way to ensure that only superuser can run meta commands, such as \du,
> \dp, \z
Maybe if you tell us what you hope to achieve, monitoring or access
denial and to what purpose, it might be possible to come up with a more
complete answer.
>
> Thanks,
>
> Oleg
>
> On Thu, Dec 10, 2015 at 2:50 PM, David G. Johnston
> <david.g.johnston@gmail.com <mailto:david.g.johnston@gmail.com>> wrote:
>
> On Thu, Dec 10, 2015 at 1:46 PM, oleg yusim <olegyusim@gmail.com
> <mailto:olegyusim@gmail.com>>wrote:
>
> Hi David,
>
> Can you, please, give me example?
>
>
> Not readily...maybe others can. Putting forth specific examples of
> what you want to accomplish may help.
>
> David J.
>
>
--
Adrian Klaver
adrian.klaver@aklaver.com