On 4/14/15 8:37 PM, Tatsuo Ishii wrote: > BTW, in my understanding pg_audit allows to track a table access even > if it's used in a view. I think this is a nice feature and it would be > better explicitly stated in the document and the test case is better > included in the regression test. > > Here is a sample session: > > CREATE TABLE test2 (id INT); > CREATE VIEW vtest2 AS SELECT * FROM test2; > GRANT SELECT ON TABLE public.test2 TO auditor; > GRANT SELECT ON TABLE public.vtest2 TO auditor; > SELECT * FROM vtest2; > NOTICE: AUDIT: SESSION,1,1,READ,SELECT,,,SELECT * FROM vtest2; > NOTICE: AUDIT: OBJECT,1,1,READ,SELECT,VIEW,public.vtest2,SELECT * FROM > vtest2; > NOTICE: AUDIT: OBJECT,1,1,READ,SELECT,TABLE,public.test2,SELECT * FROM > vtest2;
That's the idea! In the documentation I throw around the word "relation" pretty liberally, but you are right that some clarification would be helpful. I have added a few parenthetical statements to the docs that should make them clearer. I also took your suggestion and added a view regression test. Both are in patch v9 which I attached to my previous email on this thread. Thank you for taking the time to have a look. -- - David Steele da...@pgmasters.net
signature.asc
Description: OpenPGP digital signature