Home > mailing lists

Re: question on audit columns - Mailing list pgsql-general

From	Greg Sabino Mullane
Subject	Re: question on audit columns
Date	November 14 22:32:15
Msg-id	CAKAnmm+jC-a_z_UBC5bjw5=gGc4uf3CRvQ4EOgOhO0XOvt95og@mail.gmail.com Whole thread Raw
In response to	Re: question on audit columns (Johannes Lochmann <johannes.lochmann@gmail.com>)
List	pgsql-general

Tree view

As far as the application being able to change those fields itself, you can prevent that via column permissions, by leaving out the four audit columns and doing something like:

GRANT INSERT (email, widget_count), UPDATE (email, widget_count) ON TABLE foobar TO PUBLIC;

That way, inserts are guaranteed to use the default values of current_timestamp() and current_user. And a BEFORE UPDATE trigger ensures it changes the other two fields via the trigger function only.

Cheers,

Greg

P.S. Also check out https://www.pgaudit.org/ (PGAudit) as an alternative approach, which puts the information into your Postgres logs, rather than in the tables themselves.

pgsql-general by date:

From: Ron Johnson
Date: 14 November, 21:38:56
Subject: Re: Help with restoring database from old version of PostgreSQL

From: Adrian Klaver
Date: 14 November, 22:45:25
Subject: Re: postgresql-17.0-1 Application - silent installation Issue

Re: question on audit columns - Mailing list pgsql-general

Previous

Next