Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL

Поиск
Список
Период
Сортировка
От Kevin Grittner
Тема Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL
Дата
Msg-id 4F605EB80200002500046293@gw.wicourts.gov
обсуждение исходный текст
Ответ на Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL  (Khangelani Gama <kgama@argility.com>)
Список pgsql-admin
Дерево обсуждения 
Khangelani Gama <kgama@argility.com> wrote:

> the issue we have is that we have many Linux users having root
> access into the system.

Which gives them rights to impersonate any other user on the system
and to erase any audit trail written on that system.

> Auditors wants PostgreSQL to tell who updated what inside the
> database

You might be able to create something which looks plausible without
solving the first problem, but it wouldn't be at all trustworthy.
Consider limiting access to root on your database servers and, in
general, pay attention to the concept of "separation of duties"[1].

-Kevin

[1] http://en.wikipedia.org/wiki/Separation_of_duties

В списке pgsql-admin по дате отправления:

Предыдущее
От: Scott Ribe
Дата:
Сообщение: Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL
Следующее
От: David Ondrejik
Дата:
Сообщение: Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL