From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Is there some possibilities to take info about login mapping inside session? |
Date: | 2015-05-31 15:22:20 |
Message-ID: | 20150531152220.GE26667@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Pavel,
* Pavel Stehule (pavel(dot)stehule(at)gmail(dot)com) wrote:
> Have we some possibility to take info about external user when any login
> via mapping is used?
Certainly sounds like a very useful things to me.
I'll note that, for client-side certificates, we actually do include
that info, but it's done in a very-specific-to-SSL way (see sslinfo).
I've not looked, but it would seem that keeping info about what the
'system' user is and making it available via a function would be pretty
simple to do. Too late for 9.5 though, of course.
> The customer want to use map to do switch between external user to database
> user, but needs a info for audit about external user.
This is a more interesting question- where would this information be
going for audit purposes? Are you thinking we'd need to add another
escape to log_line_prefix for it? We still havn't gotten info about the
currently active role added, an effort I spent a great deal of time on
about 2 years ago, as I recall. I might be able to revisit that for
9.6.
If not through log_line_prefix, then through a trigger? That would work
with just the function. If not that, then I'd be quite curious what
this customer is doing (and if it's in line with what our customers are
interested in when it comes to real auditing...).
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Noah Misch | 2015-05-31 15:49:02 | Re: [CORE] postpone next week's release |
Previous Message | Bruce Momjian | 2015-05-31 14:03:05 | Re: [CORE] postpone next week's release |