On 4/14/15 8:37 PM, Tatsuo Ishii wrote:
> BTW, in my understanding pg_audit allows to track a table access even
> if it's used in a view. I think this is a nice feature and it would be
> better explicitly stated in the document and the test case is better
> included in the regression test.
>
> Here is a sample session:
>
> CREATE TABLE test2 (id INT);
> CREATE VIEW vtest2 AS SELECT * FROM test2;
> GRANT SELECT ON TABLE public.test2 TO auditor;
> GRANT SELECT ON TABLE public.vtest2 TO auditor;
> SELECT * FROM vtest2;
> NOTICE: AUDIT: SESSION,1,1,READ,SELECT,,,SELECT * FROM vtest2;
> NOTICE: AUDIT: OBJECT,1,1,READ,SELECT,VIEW,public.vtest2,SELECT * FROM vtest2;
> NOTICE: AUDIT: OBJECT,1,1,READ,SELECT,TABLE,public.test2,SELECT * FROM vtest2;
That's the idea! In the documentation I throw around the word
"relation" pretty liberally, but you are right that some clarification
would be helpful.
I have added a few parenthetical statements to the docs that should make
them clearer. I also took your suggestion and added a view regression test.
Both are in patch v9 which I attached to my previous email on this thread.
Thank you for taking the time to have a look.
--
- David Steele
david@pgmasters.net