edb_audit_statement v16

Parameter type: String

Default value: ddl, error

Range: {none | ddl | dml | insert | update | delete | truncate | select | error | create | drop | alter | grant | revoke | rollback | set | all | { select | update | delete | insert }@groupname} ...

Minimum scope of effect: Cluster

When value changes take effect: Reload

Required authorization to activate: EDB Postgres Advanced Server service account

Specifies auditing of different categories of SQL statements as well as statements related to specific SQL commands.

  • To log errors, set the parameter value to error.
  • To audit all DDL statements, such as CREATE TABLE and ALTER TABLE, set the parameter value to ddl.
  • To audit specific types of DDL statements, the parameter values can include those specific SQL commands (create, drop, or alter). In addition, you can specify the object type following the command, such as create table, create view, and drop role.
  • To audit all modification statements, such as INSERT, UPDATE, DELETE, or TRUNCATE, set edb_audit_statement to dml.
  • To audit specific types of DML statements, the parameter values can include the specific SQL commands insert, update, delete, or truncate. Include parameter values select, grant, revoke, or rollback to audit statements regarding those SQL commands.
  • To audit SET statements, include the parameter value SET.
  • To audit every statement, set the value to all.
  • To disable this feature, set the value to none.

The per-object level auditing audits the operations permitted by object privileges, such as SELECT, UPDATE, DELETE, and INSERT statements, including (@) and excluding (-) groups on a given table. To audit a specific type of object, specify the name of the object group to audit. The edb_audit_statement parameter can include the specific SQL commands (select, update, delete, or insert) associated with a group name with (@) include and (-) exclude symbol.