PolarDB:pgAudit (log auditing)

Supported versions

PolarDB for PostgreSQL (Compatible with Oracle) supports pgAudit on the following versions:

• Oracle syntax compatible 2.0 (minor engine version 2.0.14.5.1.0 and later)

• Oracle syntax compatible 1.0 (minor engine version 2.0.11.9.25.0 and later)

To check your minor engine version, run SHOW polardb_version; or view it in the console. If your cluster does not meet the version requirement, upgrade the minor engine version.

Prerequisites

Before you begin, make sure that you have:

• A privileged account (required to set pgAudit parameters)

Install the extension

CREATE EXTENSION pgaudit;

Configure audit scope

Use the pgaudit.log parameter to control which operation types are audited. Set it at the database level with ALTER DATABASE.

ALTER DATABASE pgaudit_testdb SET pgaudit.log = 'READ';

ALTER DATABASE pgaudit_testdb SET pgaudit.log = 'READ,WRITE';

ALTER DATABASE pgaudit_testdb SET pgaudit.log = 'NONE';

Audit operations on a specific object

To audit only operations on specific tables rather than all database activity, assign an audit role and grant it access to the tables you want to track.

1. Create an audit role and assign it to the database.

   CREATE USER audit_role;
   ALTER DATABASE pgaudit_testdb SET pgaudit.role = 'audit_role';

2. Create a table and grant the audit role access to it.

   CREATE TABLE test_audit (id INT);
   GRANT ALL ON test_audit TO audit_role;

After these steps, only operations on test_audit in pgaudit_testdb are audited.

Uninstall the extension

DROP EXTENSION pgaudit;

What's next

• View audit logs in SQL Explorer

• Read the official pgAudit documentation for the full parameter reference