[Lada-commits] [PATCH 1 of 2] Improbe audit trail configuration

Wald Commits scm-commit at wald.intevation.org
Fri Nov 11 16:54:20 CET 2016 

# HG changeset patch
# User Tom Gottfried <tom at intevation.de>
# Date 1478879400 -3600
# Branch pgaudit
# Node ID 5239306ee55eef5c43ac6a7f3759d010ebae20f0
# Parent  74e5b963006400c199be5a83bdfcd7028adc3ad2
Improbe audit trail configuration.

Audit only relevant columns, thus not internal stuff like tree_modified.
Audit INSERT also, because we will need it to track initial values.

diff -r 74e5b9630064 -r 5239306ee55e db_schema/setup-db.sh
--- a/db_schema/setup-db.sh	Wed Nov 09 20:01:00 2016 +0100
+++ b/db_schema/setup-db.sh	Fri Nov 11 16:50:00 2016 +0100
@@ -86,16 +86,76 @@
 psql $DB_CONNECT_STRING -d $DB_NAME --command \
      "ALTER DATABASE $DB_NAME SET pgaudit.role TO '$AUDITOR_ROLE';
       ALTER DATABASE $DB_NAME SET pgaudit.log_parameter TO on;
-      GRANT UPDATE, DELETE ON
+      GRANT DELETE ON
           land.probe,
-          land.kommentar_p,
           land.ortszuordnung,
           land.zusatz_wert,
           land.messung,
-          land.kommentar_m,
           land.messwert,
           land.status_protokoll
-          TO $AUDITOR_ROLE;"
+          TO $AUDITOR_ROLE;
+      GRANT INSERT, UPDATE, DELETE ON
+          land.kommentar_p,
+          land.kommentar_m
+          TO $AUDITOR_ROLE;
+      GRANT INSERT, UPDATE (
+              id_alt,
+              test,
+              mst_id,
+              labor_mst_id,
+              hauptproben_nr,
+              datenbasis_id,
+              ba_id,
+              probenart_id,
+              media_desk,
+              media,
+              umw_id,
+              probeentnahme_beginn,
+              probeentnahme_ende,
+              mittelungsdauer,
+              erzeuger_id,
+              probe_nehmer_id,
+              mpl_id,
+              mpr_id,
+              solldatum_beginn,
+              solldatum_ende
+          ) ON land.probe TO $AUDITOR_ROLE;
+      GRANT INSERT, UPDATE (
+              ort_id,
+              ortszuordnung_typ,
+              ortszusatztext
+          ) ON land.ortszuordnung TO $AUDITOR_ROLE;
+      GRANT INSERT, UPDATE (
+              pzs_id,
+              messwert_pzs,
+              messfehler,
+              nwg_zu_messwert
+          ) ON land.zusatz_wert TO $AUDITOR_ROLE;
+      GRANT INSERT, UPDATE (
+              id_alt,
+              nebenproben_nr,
+              mmt_id,
+              messdauer,
+              messzeitpunkt,
+              fertig,
+              geplant
+          ) ON land.messung TO $AUDITOR_ROLE;
+      GRANT INSERT, UPDATE (
+              messgroesse_id,
+              messwert_nwg,
+              messwert,
+              messfehler,
+              nwg_zu_messwert,
+              meh_id,
+              grenzwertueberschreitung
+          ) ON land.messwert TO $AUDITOR_ROLE;
+      GRANT INSERT, UPDATE (
+              mst_id,
+              datum,
+              text,
+              messungs_id,
+              status_kombi
+          ) ON land.status_protokoll TO $AUDITOR_ROLE;"
 
 if [ "$NO_DATA" != "true" ]; then
     echo import stammdaten

More information about the Lada-commits mailing list