Operation Audit¶
audit_system_object¶
Parameter description: Specifies whether to audit the CREATE, DROP, and ALTER operations on the GaussDB(DWS) database object. The GaussDB(DWS) database objects include databases, users, schemas, and tables. The operations on the database object can be audited by changing the value of this parameter.
Type: SIGHUP
Value range: an integer ranging from 0 to 4194303
0 indicates that the function of auditing the CREATE, DROP, and ALTER operations on the GaussDB(DWS) database object can be disabled.
Other values indicate that the CREATE, DROP, and ALTER operations on a certain or some GaussDB(DWS) database objects are audited.
Value description:
The value of this parameter is calculated by 22 binary bits. The 22 binary bits represent 22 types of GaussDB(DWS) database objects. If the corresponding binary bit is set to 0, the CREATE, DROP, and ALTER operations on corresponding database objects are not audited. If it is set to 1, the CREATE, DROP, and ALTER operations are audited. For details about the audit content represented by these 22 binary bits, see Table 1.
Default value: 12303
Binary Bit | Meaning | Value Description |
---|---|---|
Bit 0 | Whether to audit the CREATE, DROP, and ALTER operations on databases. |
|
Bit 1 | Whether to audit the CREATE, DROP, and ALTER operations on schemas. |
|
Bit 2 | Whether to audit the CREATE, DROP, and ALTER operations on users. |
|
Bit 3 | Whether to audit the CREATE, DROP, ALTER, and TRUNCATE operations on tables. |
|
Bit 4 | Whether to audit the CREATE, DROP, and ALTER operations on indexes. |
|
Bit 5 | Whether to audit the CREATE, DROP, and ALTER operations on views. |
|
Bit 6 | Whether to audit the CREATE, DROP, and ALTER operations on triggers. |
|
Bit 7 | Whether to audit the CREATE, DROP, and ALTER operations on procedures/functions. |
|
Bit 8 | Whether to audit the CREATE, DROP, and ALTER operations on tablespaces. |
|
Bit 9 | Whether to audit the CREATE, DROP, and ALTER operations on resource pools. |
|
Bit 10 | Whether to audit the CREATE, DROP, and ALTER operations on workloads. |
|
Bit 11 | Whether to audit the CREATE, DROP, and ALTER operations on SERVER FOR HADOOP objects. |
|
Bit 12 | Whether to audit the CREATE, DROP, and ALTER operations on data sources. |
|
Bit 13 | Whether to audit the CREATE, DROP, and ALTER operations on Node Groups. |
|
Bit 14 | Whether to audit the CREATE, DROP, and ALTER operations on ROW LEVEL SECURITY objects. |
|
Bit 15 | Whether to audit the CREATE, DROP, and ALTER operations on types. |
|
Bit 16 | Whether to audit the CREATE, DROP, and ALTER operations on text search objects (configurations and dictionaries) |
|
Bit 17 | Whether to audit the CREATE, DROP, and ALTER operations on directories. |
|
Bit 18 | Whether to audit the CREATE, DROP, and ALTER operations on workloads. |
|
Bit 19 | Whether to audit the CREATE, DROP, and ALTER operations on redaction policies. |
|
Bit 20 | Whether to audit the CREATE, DROP, and ALTER operations on sequences. |
|
Bit 21 | Whether to audit the CREATE, DROP, and ALTER operations on nodes. |
|
enableSeparationOfDuty¶
Parameter description: Specifies whether the separation of permissions is enabled.
Type: POSTMASTER
Value range: Boolean
on indicates that the separation of permissions is enabled.
off indicates that the separation of permissions is disabled.
Default value: off
enable_grant_option¶
Parameter description: Specifies whether the with grant option function can be used in security mode.
Type: SIGHUP
Value range: Boolean
on indicates that the with grant option function can be used in security mode.
off indicates that the with grant option function cannot be used in security mode.
Default value: off
enable_grant_public¶
Parameter description: Specifies whether to allow the grant to public function in security mode.
Type: SIGHUP
Value range: Boolean
on indicates that the grant to public function can be used in security mode.
off indicates that the grant to public function cannot be used in security mode.
Default value: off