Re: pgaudit - an auditing extension for PostgreSQL

From: Simon Riggs <simon(at)2ndQuadrant(dot)com>
To: Abhijit Menon-Sen <ams(at)2ndquadrant(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Ian Barwick <ian(at)2ndquadrant(dot)com>
Subject: Re: pgaudit - an auditing extension for PostgreSQL
Date: 2014-11-03 17:31:37
Message-ID: CA+U5nMJ7aUvK9N9M-FWmuS6sjZPuWMNimbEZt+OM-UviuvFmsA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 14 October 2014 20:33, Abhijit Menon-Sen <ams(at)2ndquadrant(dot)com> wrote:
> At 2014-10-14 20:09:50 +0100, simon(at)2ndQuadrant(dot)com wrote:
>>
>> I think that's a good idea.
>>
>> We could have pg_audit.roles = 'audit1, audit2'
>
> Yes, it's a neat idea, and we could certainly do that. But why is it any
> better than "ALTER ROLE audit_rw SET pgaudit.log = …" and granting that
> role to the users whose actions you want to audit?

That would make auditing visible to the user, who may then be able to
do something about it.

Stephen's suggestion allows auditing to be conducted without the
users/apps being aware it is taking place.

--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Abhijit Menon-Sen 2014-11-03 17:35:58 Re: pgaudit - an auditing extension for PostgreSQL
Previous Message Sven Wegener 2014-11-03 17:15:04 COPY TO returning empty result with parallel ALTER TABLE