Thread: log connections to database

log connections to database

From
"Ben K."
Date:
Sorry if these are basic questions. It's postgres 8.1 on unix.

1. logging to database
I'd like to log connection authentication info into one of the databases,
(it's ok to be on the same server as production server), but the logging
configuration in postgresql.conf doesn't seem to cover this scenario.

2. checking for permissions
Also, is there a way to get the list of objects a user has any permission
on? If not, other than using aclcontains, is there some type I can cast
relacl to get text to grep from? aclcontains doesn't seem to allow
regex.

3. dropping a role

If the user is not the owner of the object, is the following an intended
behavior, or could it be some misconfiguration on my side? (In fact this
seems to give me the list of objects the user has acl on.)

create group ddd;
grant all on atable to ddd;
\dp atable
public | atable | table | {postgres=arwdRxt/postgres,ddd=arwdRxt/postgres}
drop group ddd;
ERROR:  role "ddd" cannot be dropped because some objects depend on it
DETAIL:
     access to table atable

I couldn't see this from 8.0.



Regards,

Ben K.
Developer
http://benix.tamu.edu

Re: log connections to database

From
Alvaro Herrera
Date:
Ben K. wrote:

> 3. dropping a role
>
> If the user is not the owner of the object, is the following an intended
> behavior, or could it be some misconfiguration on my side? (In fact this
> seems to give me the list of objects the user has acl on.)
>
> create group ddd;
> grant all on atable to ddd;
> \dp atable
> public | atable | table | {postgres=arwdRxt/postgres,ddd=arwdRxt/postgres}
> drop group ddd;
> ERROR:  role "ddd" cannot be dropped because some objects depend on it
> DETAIL: access to table atable

Yup, this is intended and new in 8.1.  You need to REVOKE the privileges
before being able to drop the role.

In 8.2 (current development) there is a command to drop the objects
owned by the user, which additionally revokes all the privileges; and a
command to "give" the objects to someone else.  They didn't make the 8.1
deadline however.

--
Alvaro Herrera                                http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
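
Added example, not part of the original messages: a Python sketch that parses `\dp` output of the form posted above, lists the relations on which a role holds explicit privileges (question 2), and emits the REVOKE statements that the reply says are needed before the role can be dropped. All function names and every sample line except the first are constructed for illustration; it assumes relation and role names without commas, `=` or `|`, and it covers only relation ACLs, not ownership.

```python
import re

# Table privilege letters as listed in the PostgreSQL GRANT documentation.
PRIVS = {"a": "INSERT", "r": "SELECT", "w": "UPDATE", "d": "DELETE",
         "R": "RULE", "x": "REFERENCES", "t": "TRIGGER"}
ITEM = re.compile(r"^(?P<grantee>[^=]*)=(?P<privs>(?:[a-zA-Z]\*?)*)/(?P<grantor>.+)$")

# First line is the \dp output from the post; the other lines are constructed.
SAMPLE_DP = """\
public | atable | table | {postgres=arwdRxt/postgres,ddd=arwdRxt/postgres}
public | btable | table | {postgres=arwdRxt/postgres,=r/postgres}
public | ctable | table | {postgres=arwdRxt/postgres,ddd=r*w/postgres}
public | dtable | table |
"""

def parse_acl(acl):
    """Turn '{grantee=privs/grantor,...}' into (grantee, [privileges], grantor) tuples."""
    acl = acl.strip()
    if not acl:  # empty column: default privileges only, no explicit grants
        return []
    if not (acl.startswith("{") and acl.endswith("}")):
        raise ValueError("not an ACL array: %r" % acl)
    out = []
    for item in filter(None, acl[1:-1].split(",")):
        m = ITEM.match(item)
        if not m:
            raise ValueError("unparseable ACL item: %r" % item)
        # A '*' after a letter marks the grant option; an empty grantee is PUBLIC.
        names = [PRIVS.get(c, "UNKNOWN(%s)" % c) + (" WITH GRANT OPTION" if star else "")
                 for c, star in re.findall(r"([a-zA-Z])(\*?)", m.group("privs"))]
        out.append((m.group("grantee") or "PUBLIC", names, m.group("grantor")))
    return out

def grants_for(role, dp_text):
    """Map (schema, relation) -> privileges granted directly to `role`."""
    found = {}
    for line in dp_text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 4:
            continue  # skip headers, separators and blank lines
        for grantee, names, _grantor in parse_acl(cols[3]):
            if grantee == role and names:
                found[(cols[0], cols[1])] = names
    return found

def revoke_statements(role, dp_text):
    """REVOKE statements to run before the role can be dropped."""
    q = lambda ident: '"' + ident.replace('"', '""') + '"'
    who = "PUBLIC" if role == "PUBLIC" else q(role)
    return ["REVOKE ALL ON %s.%s FROM %s;" % (q(s), q(r), who)
            for s, r in sorted(grants_for(role, dp_text))]
```

Privileges a role holds only through group membership or through PUBLIC are not attributed to it here; query those grantees separately.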

Re: log connections to database

From
"Ben K."
Date:
> Yup, this is intended and new in 8.1.  You need to REVOKE the privileges
> before being able to drop the role.

Thanks.


Ben K.
Developer
http://benix.tamu.edu