Auditing actions on tables in Postgres

Typically audit logging is added to some of the tables to comply with various certifications. You may want to capture the user information (role and the session variables) for every change in Postgres that is done through graphql-engine.

For every mutation, hasura roughly executes the following transaction:

BEGIN;
SET local "hasura.user" = '{"x-hasura-role": "role", ... various session variables}'
SQL related to the mutation
COMMIT;

This information can therefore be captured in any trigger on the underlying tables by using the current_setting function as follows:

current_setting('hasura.user');

We’ve set up some utility functions that’ll let you quickly get started with auditing in this repo.