2018-10-24 13:39:47 +03:00
|
|
|
Auditing actions on tables in Postgres
|
|
|
|
|
======================================
|
|
|
|
|
|
2018-12-03 15:12:24 +03:00
|
|
|
.. contents:: Table of contents
|
|
|
|
|
:backlinks: none
|
|
|
|
|
:depth: 1
|
|
|
|
|
:local:
|
|
|
|
|
|
2018-10-24 13:39:47 +03:00
|
|
|
Typically audit logging is added to some of the tables to comply with various certifications.
|
2019-09-11 10:17:14 +03:00
|
|
|
You may want to capture the user information (role and the session variables) for every change in Postgres that is done through the GraphQL engine.
|
2018-10-24 13:39:47 +03:00
|
|
|
|
2019-09-11 10:17:14 +03:00
|
|
|
For every mutation, Hasura roughly executes the following transaction:
|
2018-10-24 13:39:47 +03:00
|
|
|
|
|
|
|
|
.. code-block:: sql
|
|
|
|
|
|
|
|
|
|
BEGIN;
|
|
|
|
|
SET local "hasura.user" = '{"x-hasura-role": "role", ... various session variables}'
|
|
|
|
|
SQL related to the mutation
|
|
|
|
|
COMMIT;
|
|
|
|
|
|
|
|
|
|
This information can therefore be captured in any trigger on the underlying tables by using the ``current_setting`` function as follows:
|
|
|
|
|
|
|
|
|
|
.. code-block:: sql
|
|
|
|
|
|
|
|
|
|
current_setting('hasura.user');
|
|
|
|
|
|
|
|
|
|
We've set up some utility functions that'll let you quickly get started with auditing in this `repo <https://github.com/hasura/audit-trigger>`__.
|
