graphql-engine/docs/graphql/manual/guides/auditing-tables.rst

Auditing actions on tables in Postgres
======================================

Typically audit logging is added to some of the tables to comply with various certifications.
You may want to capture the user information (role and the session variables) for every change in Postgres that is done through graphql-engine.

For every mutation, hasura roughly executes the following transaction:

.. code-block:: sql

   BEGIN;
   SET local "hasura.user" = '{"x-hasura-role": "role", ... various session variables}'
   SQL related to the mutation
   COMMIT;

This information can therefore be captured in any trigger on the underlying tables by using the ``current_setting`` function as follows:

.. code-block:: sql

   current_setting('hasura.user');

We've set up some utility functions that'll let you quickly get started with auditing in this `repo <https://github.com/hasura/audit-trigger>`__.
set all session data in a single paramater, 'hasura.user' (closes #825) 2018-10-24 13:39:47 +03:00			`Auditing actions on tables in Postgres`
			`======================================`

			`Typically audit logging is added to some of the tables to comply with various certifications.`
			`You may want to capture the user information (role and the session variables) for every change in Postgres that is done through graphql-engine.`

			`For every mutation, hasura roughly executes the following transaction:`

			`.. code-block:: sql`

			`BEGIN;`
			`SET local "hasura.user" = '{"x-hasura-role": "role", ... various session variables}'`
			`SQL related to the mutation`
			`COMMIT;`

			This information can therefore be captured in any trigger on the underlying tables by using the ``current_setting`` function as follows:

			`.. code-block:: sql`

			`current_setting('hasura.user');`

			We've set up some utility functions that'll let you quickly get started with auditing in this `repo <https://github.com/hasura/audit-trigger>`__.