Thread: [GENERAL] pgaduit - is there a way to audit a role

[GENERAL] pgaduit - is there a way to audit a role

From

rakeshkumar464

Date:

31 October 2017, 04:48:57

Is there a way to audit a group like as follows

alter role db_rw set pgaudit.log = 'read,write,function,ddl'  

and then any user part of db_rw role can be audited automatically.  It does
not seem to work if I connect to the db as rakesh who is part of db_rw role.



--
Sent from: http://www.postgresql-archive.org/PostgreSQL-general-f1843780.html


-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

Re: [GENERAL] pgaduit - is there a way to audit a role

From

David Steele

Date:

01 November 2017, 04:31:40

On 10/30/17 6:48 PM, rakeshkumar464 wrote:
> Is there a way to audit a group like as follows
> 
> alter role db_rw set pgaudit.log = 'read,write,function,ddl'  
> 
> and then any user part of db_rw role can be audited automatically.  It does
> not seem to work if I connect to the db as rakesh who is part of db_rw role.

This will not work because settings (GUCs) on a role are not inherited
by roles (or users) that are members of that role.  This is a
characteristic of the roles system and not inherent to pgAudit.

-- 
-David
david@pgmasters.net


-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general