| From: | Rajesh Mallah <mallah(dot)rajesh(at)gmail(dot)com> |
|---|---|
| To: | Postgres General <pgsql-general(at)postgresql(dot)org> |
| Subject: | logging of application level user in audit trigger |
| Date: | 2017-05-09 18:50:18 |
| Message-ID: | CAHAX668OFr8RTAyfZWDAk1Jk0yiKxHPxMJVyeAtrSmgy70iqGA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi ,
I am referring to audit trigger as described in
https://wiki.postgresql.org/wiki/Audit_trigger_91plus OR
https://wiki.postgresql.org/wiki/Audit_trigger
Although there are documented limitations for these systems , but
I would like to mention and seek suggestion on a limitation that I feel is
biggest .
It is very a common design pattern in web-applications that the same
database
user is shared for making database changes by different "logged in users"
of the
web application.
I feel the core of audit is all about "who" , "when" and "what" .
In the current audit trigger the "who" is essentially the ROLE which is the
actor of
the trigger , but in most scenarios the user associated with the
web-application session
is the one that is seeked.
In one of my past projects I passed the web-user to the trigger by setting
a postgres
custom variable during the database connection and reading it inside the
trigger
and storing it in the audit log table.
I am curious how others deal with the same issue , is there better or more
inbuilt solutions
to store the application level user in the audit trail records.
Regds
mallah.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Scott Mead | 2017-05-09 19:47:32 | Re: logging of application level user in audit trigger |
| Previous Message | Steve Crawford | 2017-05-09 17:19:39 | Re: Python versus Other Languages using PostgreSQL |