Hi PostgreSQL team,
Oracle Audit Vault and Database Firewall (AVDF) audits/monitors database activities. This product helps enterprises to manage the security posture of Oracle , PostgreSQL and other databases.
Oracle AVDF helps customers in India comply with the Ministry of Corporate Affairs (MCA) Guidelines (https://www.mca.gov.in/Ministry/pdf/AuditAuditorsAmendmentRules_24032021.pdf)
As per the MCA guidelines it is mandatory to capture details of what data was changed, when it was changed and who made the change.
PostgreSQL generates and stores (change data capture) information in transaction log, which is in turn read by Oracle GoldenGate and stored in XML files. These XML files are processed by AVDF and stored in AVDF database.
From an auditing perspective, three details are mandatory.
The PostgreSQL transaction log currently has information about what was the change, and when the change happened. But it does not have any information about who made the change.
We would like PostgreSQL to store the details of who made the change (user/session) information in the transaction log.
Below are the user/session information from an auditing perspective.
Mandatory critical session information
DB User Name
OS User Name
Client Host Name
Client/AppUser ID
Other important session information
Program Name
OS Terminal Name
Process ID
Proxy Session ID
Since these details are mandated by MCA regulations, we would humbly request your expertise in prioritizing this enhancement.
Warm regards,
Sumanth Vishwaraj
