Skip to content
Simple, easily customised trigger-based auditing for hasura graphql engine
PLpgSQL
Branch: master
Clone or download
#3 Compare This branch is 6 commits ahead, 5 commits behind 2ndQuadrant:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
AUTHORS Add simple AUTHORS file Jul 6, 2015
COPYRIGHT
README.md change 'hasura.session' to 'hasura.user' Oct 24, 2018
audit.sql change 'hasura.session' to 'hasura.user' Oct 24, 2018

README.md

A simple, customisable table audit system for PostgreSQL implemented using triggers.

This is based off https://github.com/2ndQuadrant/audit-trigger with the following changes

  1. The row data is stored in jsonb.
  2. Logs user information from hasura's graphql-engine (accessible by current_setting('hasura.user')).

Installation

Load audit.sql into the database where you want to set up auditing. You can do this via psql or any other tool that lets you execute sql on the database.

psql -h <db-host> -p <db-port> -U <db-user> -d <db> -f audit.sql --single-transaction

Setting up triggers

Run the following sql to setup audit on a table

select audit.audit_table('author');

For a table in a different schema name as follows:

select audit.audit_table('shipping.delivery');

This sets up triggers on the given table which logs any change (insert/update/delete) into the table audit.logged_actions.

select * from audit.logged_actions

Available options

The function audit.audit_table takes the following arguments:

argument description
target_table Table name, schema qualified if not on search_path
audit_rows Record each row change, or only audit at a statement level
audit_query_text Record the text of the client query that triggered the audit event?
ignored_cols Columns to exclude from update diffs, ignore updates that change only ignored cols.

Examples

Do not log changes for every row

select audit.audit_table('author', false);

Log changes for every row but don't log the sql statement

select audit.audit_table('author', true, false);

Log changes for every row, log the sql statement, but don't log the data of the columns email and phone_number

select audit.audit_table('author', true, true, '{email,phone_number}');
You can’t perform that action at this time.