Обсуждение: log connections to database
Sorry if these are basic questions. It's postgres 8.1 on unix. 1. logging to database I'd like to log connection authentication info into one of the databases, (it's ok to be on the same server as production server), but the logging configuration in postgresql.conf doesn't seem to cover this scenario. 2. checking for permissions Also, is there a way to get the list of objects a user has any permission on? If not, other than using aclcontains, is there some type I can cast relacl to get text to grep from? aclcontains doesn't seem to allow regex. 3. dropping a role If the user is not the owner of the object, is the following an intended behavior, or could it be some misconfiguration on my side? (In fact this seems to give me the list of objects the user has acl on.) create group ddd; grant all on atable to ddd; \dp atable public | atable | table | {postgres=arwdRxt/postgres,ddd=arwdRxt/postgres} drop group ddd; ERROR: role "ddd" cannot be dropped because some objects depend on it DETAIL: access to table atable I couldn't see this from 8.0. Regards, Ben K. Developer http://benix.tamu.edu
Ben K. wrote: > 3. dropping a role > > If the user is not the owner of the object, is the following an intended > behavior, or could it be some misconfiguration on my side? (In fact this > seems to give me the list of objects the user has acl on.) > > create group ddd; > grant all on atable to ddd; > \dp atable > public | atable | table | {postgres=arwdRxt/postgres,ddd=arwdRxt/postgres} > drop group ddd; > ERROR: role "ddd" cannot be dropped because some objects depend on it > DETAIL: access to table atable Yup, this is intended and new in 8.1. You need to REVOKE the privileges before being able to drop the role. In 8.2 (current development) there is a commands to drop the objects owned by the user, which additionally revokes all the privileges; and a command to "give" the objects to someone else. They didn't make the 8.1 deadline however. -- Alvaro Herrera http://www.CommandPrompt.com/ PostgreSQL Replication, Consulting, Custom Development, 24x7 support
> Yup, this is intended and new in 8.1. You need to REVOKE the privileges > before being able to drop the role. Thanks. Ben K. Developer http://benix.tamu.edu