logo - 跳到首页

VastbaseG100

基于openGauss内核开发的企业级关系型数据库。

Menu

用户审计

功能描述

支持按用户身份选择性审计的功能。audit_user参数为设置审计用户参数,通过审计用户策略来判断是否允许对当前用户进行审计。

功能说明

audit_user参数对所有审计项均有效,当用户不符合审计用户策略时,所有的审计项都不会执行审计及记录审计信息。

参数名称 参数类型 默认值 参数值示例
audit_user 字符串 '*' 'vbadmin,vbaudit,vbsso'

注意事项

  • 默认值:'*',表示对所有用户都审计,参数值为空时等同于默认值。
  • 三权分立开启时,audit_user参数由审计管理员设置,其他用户无权限修改。

示例

1、修改postgresql.conf配置文件参数。

audit_enabled='on'
audit_operation_result='0'
audit_system_object='1'
audit_user='lst'

2、使用数据库初始用户登录数据库,创建用户并授予权限。

CREATE USER lst PASSWORD 'Bigdata@123';
CREATE USER lll PASSWORD 'Bigdata@123';
grant all privileges to lst;
grant all privileges to lll;

3、使用lst用户登录,进行对象操作。

vsql -dvastbase -Ulst -WBigdata@123
create database test;
drop database test;

4、使用lll用户登录,进行对象操作。

vsql -dvastbase -Ulll -WBigdata@123
create database test;
drop database test;

5、使用数据库初始用户登录数据库,查看审计内容。

vsql -r
select pg_query_audit('2023-02-08 17:50:00 +08','2023-02-09');

结果返回如下,只记录了用户lst的操作:

       pg_query_audit
----------------------------------------------------------------------------------------------------------------------------------------------------------

 ("2023-02-08 09:52:16+00",system_stop,ok,"",null,null,null,null,"system stop fast success",node1,null,null,null,"(ACL_NO_RIGHTS)")

 ("2023-02-08 09:52:18+00",internal_event,ok,0,[unknown],[unknown],[unknown]@[unknown]@SSL_OFF,file,"create a new audit file",node1,47264880535296@7291651

38391468,5432,"(null)","(ACL_NO_RIGHTS)")

 ("2023-02-08 09:52:18+00",system_start,ok,"",null,null,null,null,"system startup success(port = 5432)",node1,null,null,null,"(ACL_NO_RIGHTS)")

 ("2023-02-08 09:52:51+00",login_success,ok,25815,lst,vastbase,vsql@[local]@SSL_OFF,vastbase,"login db(vastbase) success,the current user is:lst, SSL=off"

,node1,47265234683648@729165171615710,5432,null,"(ACL_CONNECT)")

 ("2023-02-08 09:52:51+00",set_parameter,ok,25815,lst,vastbase,vsql@[local]@SSL_OFF,connection_info,"SET connection_info = '{""driver_name"":""libpq"",""d

river_version"":""(Vastbase G100 V2.2 (Build 12) Alpha) compiled at 2023-01-31 23:04:01 commit 11395 last mr  ""}'",node1,47265234683648@729165171618322,5

432,null,"(ACL_NO_RIGHTS)")

 ("2023-02-08 09:52:59+00",ddl_database,ok,25815,lst,vastbase,vsql@[local]@SSL_OFF,test,"create database test;",node1,47265234683648@729165179102098,5432,

null,"(ACL_NO_RIGHTS)")

 ("2023-02-08 09:53:03+00",ddl_database,ok,25815,lst,vastbase,vsql@[local]@SSL_OFF,test,"drop database test;",node1,47265234683648@729165183874167,5432,nu

ll,"(ACL_CREATE|ACL_CREATE_TEMP|ACL_CONNECT)")

 ("2023-02-08 09:53:03+00",login_failed,failed,10,[unknown],[unknown],[unknown]@[unknown]@SSL_OFF,test,"database ""test"" does not exist,It seems to have

just been dropped or renamed, SSL=off",node1,47265316603648@729165183891048,5432,"(null)",null)

 ("2023-02-08 09:53:04+00",user_logout,ok,25815,lst,vastbase,vsql@[local]@SSL_OFF,vastbase,"logout db(vastbase) success",node1,47265234683648@729165184954

445,5432,null,"(ACL_NO_RIGHTS)")
(9 rows)