edb_audit_statement v16
Parameter type: String
Default value: ddl, error
Range: {none | ddl | dml | insert | update | delete | truncate | select | error | create | drop | alter | grant | revoke | rollback | set | all | { select | update | delete | insert }@groupname} ...
Minimum scope of effect: Cluster
When value changes take effect: Reload
Required authorization to activate: EDB Postgres Advanced Server service account
Specifies auditing of different categories of SQL statements as well as statements related to specific SQL commands.
- To log errors, set the parameter value to
error
. - To audit all DDL statements, such as
CREATE TABLE
andALTER TABLE
, set the parameter value toddl
. - To audit specific types of DDL statements, the parameter values can include those specific SQL commands (
create
,drop
, oralter
). In addition, you can specify the object type following the command, such ascreate table
,create view
, anddrop role
. - To audit all modification statements, such as
INSERT
,UPDATE
,DELETE
, orTRUNCATE
, setedb_audit_statement
todml
. - To audit specific types of DML statements, the parameter values can include the specific SQL commands
insert
,update
,delete
, ortruncate
. Include parameter valuesselect
,grant
,revoke
, orrollback
to audit statements regarding those SQL commands. - To audit
SET
statements, include the parameter valueSET
. - To audit every statement, set the value to
all
. - To disable this feature, set the value to
none
.
The per-object level auditing audits the operations permitted by object privileges, such as SELECT
, UPDATE
, DELETE
, and INSERT
statements, including (@)
and excluding (-)
groups on a given table. To audit a specific type of object, specify the name of the object group to audit. The edb_audit_statement
parameter can include the specific SQL commands (select
, update
, delete
, or insert
) associated with a group name with (@)
include and (-)
exclude symbol.