Hello everybody, For PCI compliance I need to log user access to my PCI columns in a table and retain for 2 years. I know I can grep the log, but with 1m log rows/day and infrequent PCI access, I’m thinking this isn’t the most efficient method. I’ve been thinking about a SELECT rule, for the access views defined on the tables with PCI columns. I reviewed the doc but belive I’m constrained I would like to create a select rule that would log the statement in addition to executing the select. “Presently, ON SELECT rules must be unconditional INSTEAD rules and must have actions that consist of a single SELECT command. Thus, an ON SELECT rule effectively turns the table into a view, whose visible” makes me think I can’t do this. Any advice how I might accomplish the goal. format CREATE [ OR REPLACE ] RULE name AS ON event TO table [ WHERE condition ] DO [ ALSO | INSTEAD ] { NOTHING | command | ( command ; command ... ) } Create rule pci_select as on select to creditcard do Instead (begin Insert into pci_log( sql statement); Select * from creditcard; end)
Doug Little Sr. Data Warehouse Architect | Business Intelligence Architecture | Orbitz Worldwide 500 W. Madison, Suite 1000 Chicago IL 60661| Office 312.260.2588 | Fax 312.894.5164 | Cell 847-997-5741 |
