Home > mailing lists

Re: pgaudit - an auditing extension for PostgreSQL - Mailing list pgsql-hackers

From	Simon Riggs
Subject	Re: pgaudit - an auditing extension for PostgreSQL
Date	October 14, 2014 22:10:00
Msg-id	CA+U5nMJzE_hmagyPyNhpQiuq2DSK+GJs2CAWgfoo3KJYajsWkQ@mail.gmail.com Whole thread Raw
In response to	pgaudit - an auditing extension for PostgreSQL (Ian Barwick <ian@2ndquadrant.com>)
Responses	Re: pgaudit - an auditing extension for PostgreSQL Re: pgaudit - an auditing extension for PostgreSQL
List	pgsql-hackers

Tree view

On 14 October 2014 13:57, Stephen Frost <sfrost@snowman.net> wrote:

> Create an 'audit' role.
>
> Every command run by roles which are granted to the 'audit' role are
> audited.
>
> Every 'select' against tables which the 'audit' role has 'select' rights
> on are audited.  Similairly for every insert, update, delete.

I think that's a good idea.

We could have pg_audit.roles = 'audit1, audit2'
so users can specify any audit roles they wish, which might even be
existing user names.

That is nice because it allows multiple completely independent
auditors to investigate whatever they choose without discussing with
other auditors.

-- Simon Riggs                   http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services

pgsql-hackers by date:

From: Merlin Moncure
Date: 14 October 2014, 21:37:02
Subject: Re: Wait free LW_SHARED acquisition - v0.9

From: Stephen Frost
Date: 14 October 2014, 22:20:39
Subject: Re: pgaudit - an auditing extension for PostgreSQL

Re: pgaudit - an auditing extension for PostgreSQL - Mailing list pgsql-hackers

Previous

Next