Re: Adding ddl audit trigger
| От | Pavel Stehule |
|---|---|
| Тема | Re: Adding ddl audit trigger |
| Дата | |
| Msg-id | AANLkTimPXTs0TFce_DkAbSYNUYyJEZu5Z4m6wOPvTa9p@mail.gmail.com обсуждение исходный текст |
| Ответ на | Adding ddl audit trigger (El Co <lc4od@yahoo.com>) |
| Список | pgsql-general |
Hello 2011/1/26 El Co <lc4od@yahoo.com>: > Trying to get some DDL auditing in a development environment by adding > triggers to pg_proc, pg_class,pg_type,pg_trigger and getting the following > error: > > > > ERROR: permission denied: "pg_proc" is a system catalog > > SQL state: 42501 > > > > Is there any way to achieve DDL auditing in Postgres and trace any > new/dropped/changed object into a table? > no, it isn't > All I need is to at least be able and save a userid(current_user), > timestamp, action, and the name of the object and this could be done easily > by adding triggers to these pg catalogs. > you, can't do it this on PostgreSQL level. Probably you can revoke a rights to DDL op. Then you are sure, so nobody will do some DDL op. Next step can be a custom procedure in PL/pgSQL with security definer right, that can do DDL via dynamic SQL. This procedure can trace a info to log. A user can use DDL via this procedure. Regards Pavel Stehule
В списке pgsql-general по дате отправления: