public inbox for [email protected]
help / color / mirror / Atom feedFrom: Greg Sabino Mullane <[email protected]>
To: yudhi s <[email protected]>
Cc: [email protected]
Subject: Re: question on audit columns
Date: Thu, 14 Nov 2024 11:32:15 -0500
Message-ID: <CAKAnmm+jC-a_z_UBC5bjw5=gGc4uf3CRvQ4EOgOhO0XOvt95og@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CAEzWdqd=83DQo4SK0sjPhBNAHGCvdcJ3X0OruFLgkL008AM8ug@mail.gmail.com>
<CAPnRvGvHAC8HjLCZ2uUBCRZ7=fMJnkTPd3cBOchJu-Vn7G2MHg@mail.gmail.com>
<CAEzWdqfUWE=fuR5k1rd1iQx4K1-LceW3razY8f_tb9YONAZRMQ@mail.gmail.com>
<DBAPR01MB6840804A91ABB765B0A07EACF29C2@DBAPR01MB6840.eurprd01.prod.exchangelabs.com>
<[email protected]>
<[email protected]>
As far as the application being able to change those fields itself, you can
prevent that via column permissions, by leaving out the four audit columns
and doing something like:
GRANT INSERT (email, widget_count), UPDATE (email, widget_count) ON TABLE
foobar TO PUBLIC;
That way, inserts are guaranteed to use the default values of
current_timestamp() and current_user. And a BEFORE UPDATE trigger ensures
it changes the other two fields via the trigger function only.
Cheers,
Greg
P.S. Also check out https://www.pgaudit.org/ (PGAudit) as an alternative
approach, which puts the information into your Postgres logs, rather than
in the tables themselves.
view thread (5+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: question on audit columns
In-Reply-To: <CAKAnmm+jC-a_z_UBC5bjw5=gGc4uf3CRvQ4EOgOhO0XOvt95og@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox