Skip to content

(refactored branch) Proposal: Mode in which all superuser operations are output to the audit log. #25

New issue
New issue
Open
Open
(refactored branch) Proposal: Mode in which all superuser operations are output to the audit log.#25
Labels
enhancement
@harada-toshi

Description

@harada-toshi
harada-toshi
opened on Feb 10, 2017

Outline of the proposal

In the audit of PostgreSQL, it is important to logging the operation of the super user role (ex. "postgres").
For this reason, we propose adding a mode (log_superuser) to forcibly logging superuser operations in the option section of the configuration file.

Setting Example

[option]
  log_superuser = on
  • Parameter type is boolean.
  • The default value is on.

Behavior when log_superuser is on

  • All operations by roles with super user authority are subject to audit log output. Specifying the filter described in the rule section is invalidated.
  • For roles that are not superuser privileges, output the audit log according to the filter specification described in the rule section.

Behavior when log_superuser is off

  • Output the audit log according to the filter specification described in the rule section.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions