Re: How to find table creation time - Mailing list pgsql-admin

From Jason Mathis
Subject Re: How to find table creation time
Date
Msg-id etPan.5344162b.6b8b4567.16b@palos
Whole thread Raw
In response to Re: How to find table creation time  (Walter Hurry <walterhurry@gmail.com>)
List pgsql-admin
Hi Walter,

Thanks for your feedback and suggestions. Although I believe you may have misunderstood or assumed a few key points on this thread. The original question was just to get the creation time of tables. I answered that question and gave an example of different ideas on how the increased logging could benefit your infrastructure. 

In terms of auditing ddl changes in the logs, yes I do want an email. We all have different rules and regulations we need to follow. Most of us have more than one dba (or superuser) working in house. Or maybe you just started at a new place and wanted to quickly get a handle on whats going on. 

As for disaster recovery, I like to take the approach of “when it happens” more than “it will never happen because I did xyz.” It will rain, lets be ready for it. I was not implying to forgo a “security audit” or give every user super permissions, that will be just silly. In fact we just underwent a security review here but I would still like to have this in place. This additional logging/parsing is a second line of defense. When it does go down (think junior dba or oops I thought that was dev) at least you will know right away, have the exact second it happened and a paper trail. Pretty nice uh? I bet the boy scouts would be jealous about that:) 

Embrace those logs, parse them out, send emails, alerts, whatever.  Nobody, system, or process is perfect. It will rain, how prepared are you going to be? 


Hoping for many sunny days ahead!

-jason 


On April 7, 2014 at 6:26:38 PM, Walter Hurry (walterhurry@gmail.com) wrote:

Jason Mathis wrote:

> someone “sneaking in” a change. Or even think about data recovery, “what time did you drop that production table?”

Whaaat? You need to do a security review *now*. These possibilities indicate anarchy, and are a sure recipe for disaster. Someone has dropped a production table and you want it to be logged, or to be emailed about it?

You don't *grant* privileges to drop production tables to all and sundry.




--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

This transmission contains confidential and privileged information intended solely for the party identified above. If you receive this message in error, you must not use it or convey it to others. Please destroy it immediately and contact the sender at (303) 386-3955 or by return e-mail to the sender.

pgsql-admin by date:

Previous
From: Drazen Kacar
Date:
Subject: Re: robust archiving of WAL segments
Next
From: Jerry Sievers
Date:
Subject: Re: How to find table creation time