| From: | David Steele <david(at)pgmasters(dot)net> |
|---|---|
| To: | Tatsuo Ishii <ishii(at)postgresql(dot)org> |
| Cc: | simon(at)2ndQuadrant(dot)com, pgsql-hackers(at)postgresql(dot)org, sawada(dot)mshk(at)gmail(dot)com, ams(at)2ndQuadrant(dot)com, masao(dot)fujii(at)gmail(dot)com |
| Subject: | Re: Auditing extension for PostgreSQL (Take 2) |
| Date: | 2015-04-15 17:40:02 |
| Message-ID: | 552EA272.1040906@pgmasters.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 4/14/15 8:37 PM, Tatsuo Ishii wrote:
> BTW, in my understanding pg_audit allows to track a table access even
> if it's used in a view. I think this is a nice feature and it would be
> better explicitly stated in the document and the test case is better
> included in the regression test.
>
> Here is a sample session:
>
> CREATE TABLE test2 (id INT);
> CREATE VIEW vtest2 AS SELECT * FROM test2;
> GRANT SELECT ON TABLE public.test2 TO auditor;
> GRANT SELECT ON TABLE public.vtest2 TO auditor;
> SELECT * FROM vtest2;
> NOTICE: AUDIT: SESSION,1,1,READ,SELECT,,,SELECT * FROM vtest2;
> NOTICE: AUDIT: OBJECT,1,1,READ,SELECT,VIEW,public.vtest2,SELECT * FROM vtest2;
> NOTICE: AUDIT: OBJECT,1,1,READ,SELECT,TABLE,public.test2,SELECT * FROM vtest2;
That's the idea! In the documentation I throw around the word
"relation" pretty liberally, but you are right that some clarification
would be helpful.
I have added a few parenthetical statements to the docs that should make
them clearer. I also took your suggestion and added a view regression test.
Both are in patch v9 which I attached to my previous email on this thread.
Thank you for taking the time to have a look.
--
- David Steele
david(at)pgmasters(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Qingqing Zhou | 2015-04-15 18:14:43 | Re: Assert there is no duplicated exit callbacks |
| Previous Message | David Steele | 2015-04-15 17:34:25 | Re: Auditing extension for PostgreSQL (Take 2) |