Re: Event Triggers and GRANT/REVOKE
| От | Adrian Klaver |
|---|---|
| Тема | Re: Event Triggers and GRANT/REVOKE |
| Дата | |
| Msg-id | 58abb5fa-ed73-2487-764b-1bf061ba0339@aklaver.com обсуждение исходный текст |
| Ответ на | Re: Event Triggers and GRANT/REVOKE (Miles Elam <miles.elam@productops.com>) |
| Список | pgsql-general |
On 10/9/19 3:20 PM, Miles Elam wrote: > Using my example below from another thread, GRANTs and REVOKEs leave all > fields NULL except for command_tag (set to 'GRANT' or 'REVOKE'), > object_type (set to upper case target like 'TABLE'), and in_extension > (set to whatever is appropriate, but typically false). From the source: https://doxygen.postgresql.org/event__trigger_8c.html#a4fc09f5b8231780b7f1abdd2a72f95a7 https://doxygen.postgresql.org/event__trigger_8c.html#a2b4e240a2c0aa9cfcc61f906af134913 Line 2185 case SCT_Grant Looks like the information is never collected. The why is going to need an answer from a developer. As to case it looks like GRANT/REVOKE use a different method of deriving the string then other commands, namely using stringify_adefprivs_objtype() > > ----- > > CREATE TABLE IF NOT EXISTS ddl_info ( > classid oid, > objid oid, > objsubid integer, > command_tag text, > object_type text, > schema_name text, > object_identity text, > in_extension bool, > transaction_id bigint NOT NULL DEFAULT txid_current(), > inserted timestamptz NOT NULL DEFAULT clock_timestamp() > ); > > CREATE OR REPLACE FUNCTION ddl_log() > RETURNS EVENT_TRIGGER > LANGUAGE plpgsql AS $$ > BEGIN > INSERT INTO ddl_info ( > classid, objid, objsubid, command_tag, object_type, > schema_name, object_identity, in_extension > ) > SELECT > classid, objid, objsubid, command_tag, object_type, > schema_name, object_identity, in_extension > FROM pg_event_trigger_ddl_commands(); > END; > $$; > > CREATE EVENT TRIGGER aa_ddl_info ON ddl_command_end > EXECUTE PROCEDURE ddl_log(); > > On Wed, Oct 9, 2019 at 2:27 PM Adrian Klaver <adrian.klaver@aklaver.com > <mailto:adrian.klaver@aklaver.com>> wrote: > > On 10/9/19 1:56 PM, Miles Elam wrote: > > GRANT and REVOKE trigger on a ddl_command_end event trigger but > don't > > provide any information beyond whether it was a table, schema, > function, > > etc. that was affected. No object IDs or the like are included. How > > would you find out which table had its ACLs modified? > > What is the code for trigger and function? > > > > > Also, why do grants and revokes have an object_type of 'TABLE' > instead > > of lower case names like 'table' for all other event types? > > > > > > Thanks, > > > > Miles Elam > > > > > -- > Adrian Klaver > adrian.klaver@aklaver.com <mailto:adrian.klaver@aklaver.com> > -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: