Re: Feature request: permissions change history for auditing

Поиск
Список
Период
Сортировка
От Thom Brown
Тема Re: Feature request: permissions change history for auditing
Дата
Msg-id bddc86150911300546ubb70cb7h28bcee9c2a7aadce@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Feature request: permissions change history for auditing  (Glyn Astill <glynastill@yahoo.co.uk>)
Ответы Re: Feature request: permissions change history for auditing  (Andrew Dunstan <andrew@dunslane.net>)
Список pgsql-hackers
Дерево обсуждения
2009/11/30 Glyn Astill <glynastill@yahoo.co.uk>
--- On Mon, 30/11/09, Thom Brown <thombrown@gmail.com> wrote:

> As far as I am aware, there is no way to tell when a
> user/role was granted permissions or had permissions
> revoked, or who made these changes.  I'm wondering if
> it would be useful for security auditing to maintain a
> history of permissions changes only accessible to
> superusers?

I'd have thought you could keep track of this in the logs by setting log_statement >= ddl ?

I'm pretty sure this is a feature that's not wanted, but the ability to add triggers to these sorts of events would surely make more sense than a specific auditing capability.


I concede your suggestion of the ddl log output.  I guess that could then be filtered to obtain the necessary information.

Thanks

Thom

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Simon Riggs
Дата:
Сообщение: Re: Block-level CRC checks
Следующее
От: Andrew Dunstan
Дата:
Сообщение: Re: Feature request: permissions change history for auditing