From: | Abhijit Menon-Sen <ams(at)2ndquadrant(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Ian Barwick <ian(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: pgaudit - an auditing extension for PostgreSQL |
Date: | 2014-05-04 15:21:58 |
Message-ID: | 20140504152158.GF22288@toroid.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
At 2014-05-04 11:03:56 -0400, sfrost(at)snowman(dot)net wrote:
>
> Another reloption is one option, or an extension on the ACL system
> (for that piece of it), or we could make a new catalog for it (ala
> pg_seclabel), or perhaps add it on to one (pg_seclabel but rename
> it to pg_security..?).
I'll look into those possibilities, thanks.
> Perhaps it could be a role-level permission instead of one which is
> per-table, but I don't think this should be superuser-only.
I like the idea of a role-level permission, or a (db,role)-level
permission (i.e. "role x is auditor for database y"), but I don't
feel I know enough about real-world auditing requirements to make
an informed decision here.
Ian did some research into how auditing is handled in other systems.
He's on vacation right now, and I'm not sure how much detail his report
has on this particular subject, but I'll have a look and try to present
a summary soon.
-- Abhijit
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2014-05-04 16:47:51 | Re: 9.4 release notes |
Previous Message | Euler Taveira | 2014-05-04 15:13:31 | Re: pg_shmem_allocations view |