Обсуждение: audit trail for viewed data

I have been asked to investigate creating an "audit trail" for viewed data. Essentially we have a requirement of "who
sawwhat and when" (something similar to 'select' triggers and yes I know those don't exist and why). So far the who and
whenare easy but I haven't been able to track what was returned in the data set. 

My first pass attempt at a solution was to use a set returning function that inserted to the audit trail and then I
wouldrevoke select from the base table and use security definer on the function to do the select. I tried something
similarto the following: 

create table a as select i as id from generate_series(1, 5000) as i;

create table b as select i as id from generate_series(4000, 7500) as i;

create table audit ( id integer, accessed timestamp with time zone, user_name text );

create function b_select(_user_name text) returns table(id integer) as '
  -- not sure what to use here for id because it does not seem like anything is in scope
  insert into audit (id, accessed, user_name)
   values (NULL, now(), $1);
  select * from b;' language sql;

select *
 from a
 inner join b_select('test') using (id)
 where b_select.id < 4250;

-- I was hoping this would return the 250 records viewed
select * from audit;


I'm sure this has to do with the function not knowing anything about the join inclusion/exclusion nor the where clause,
butI'm wondering if this is a problem that anyone else has experienced in the past. Is there a way to do this at the
databaselevel or do we need to try to build something into the application to do the tracking? 

Thanks in advance.

________________________________

Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are
notthe addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or
copyingof this communication is strictly prohibited. If you have received this e-mail in error, please notify the
senderof the error. 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


> I have been asked to investigate creating an
> "audit trail" for viewed data.
...
> My first pass attempt at a solution was to use a set returning
> function that inserted to the audit trail...
...
> I'm sure this has to do with the function not knowing anything
> about the join inclusion/exclusion nor the where clause, but
> I'm wondering if this is a problem that anyone else has
> experienced in the past. Is there a way to do this at the
> database level or do we need to try to build something
> into the application to do the tracking?

It's easy enough at the database level: just make all access
go through stored procedures. In the example you gave, disallow
direct access to table 'a' and if they need something like
that query, make them call this:

select rows_a_join_b_id_less(4250);

Obviously you can make the functions a little more generic,
but the golden rule is all direct table access is forbidden.
They want something from the database, they must go through
one of your special procs. Then you can log who viewed what
data and when :). That's going to probably end up a /very/
large audit log, but without getting into a lot more
complexity, that's the price you pay for such detailed logging.

The only other non-application option I can see is to have
something recording things at a low-level, e.g. wireshark.
Which makes the database and application changes easy (e.g.
no changes at all!) at the high cost of parsing the logs when
you need to make sense of them.

- --
Greg Sabino Mullane greg@turnstep.com
End Point Corporation http://www.endpoint.com/
PGP Key: 0x14964AC8 201110290019
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8

-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAk6rfs0ACgkQvJuQZxSWSsg9AwCeKRF+lPlX+lpxIxkjOacoYXMO
1WQAn1ONgX8T9aZffHejetCY+yOq5PTP
=/54K
-----END PGP SIGNATURE-----