Re: Feature request: permissions change history for auditing
| От | Thom Brown |
|---|---|
| Тема | Re: Feature request: permissions change history for auditing |
| Дата | |
| Msg-id | bddc86150911300546ubb70cb7h28bcee9c2a7aadce@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Feature request: permissions change history for auditing (Glyn Astill <glynastill@yahoo.co.uk>) |
| Ответы |
Re: Feature request: permissions change history for auditing
|
| Список | pgsql-hackers |
2009/11/30 Glyn Astill <glynastill@yahoo.co.uk>
I concede your suggestion of the ddl log output. I guess that could then be filtered to obtain the necessary information.
Thanks
Thom
I'd have thought you could keep track of this in the logs by setting log_statement >= ddl ?--- On Mon, 30/11/09, Thom Brown <thombrown@gmail.com> wrote:
> As far as I am aware, there is no way to tell when a
> user/role was granted permissions or had permissions
> revoked, or who made these changes. I'm wondering if
> it would be useful for security auditing to maintain a
> history of permissions changes only accessible to
> superusers?
I'm pretty sure this is a feature that's not wanted, but the ability to add triggers to these sorts of events would surely make more sense than a specific auditing capability.
I concede your suggestion of the ddl log output. I guess that could then be filtered to obtain the necessary information.
Thanks
Thom
В списке pgsql-hackers по дате отправления: