Menu
For a security sensitive design, I'd like to disable DELETEs on certain tables.
The DELETE should merely set a deleted flag on a row (which would be then visible on a view, which would be used by the application layer).
As I understand a rule would generate additional queries - so a rule could not suppress the original query.
As illustration a toy example with a trigger (not yet tested):
-- data in this table should be 'undeletable' CREATE table article ( id serial, content text not null, deleted boolean default false ) -- some view that would only show articles, that are NOT deleted ... -- toy trigger (not tested) CREATE OR REPLACE FUNCTION suppress_article_delete() RETURNS TRIGGER AS $sad$ BEGIN IF (TG_OP = 'DELETE') THEN UPDATE article SELECT id, content, TRUE; -- NEW or NULL?? RETURN NEW; END IF; RETURN NULL; END; $sad$ LANGUAGE plpgsql; What would be a good way to suppress a DELETE?
530
First, specify the table from which you want to delete data in the DELETE FROM clause. Second, specify which rows to delete by using the condition in the WHERE clause. The WHERE clause is optional. However, if you omit it, the DELETE statement will delete all rows in the table.
The PostgreSQL TRUNCATE TABLE command is used to delete complete data from an existing table. You can also use DROP TABLE command to delete complete table but it would remove complete table structure from the database and you would need to re-create this table once again if you wish to store some data.
PostgreSQL supports following four operators for POSIX regular expression matching (also known as the tilde operator). The tilde operator returns true or false depending on whether or not a regular expression can match a string or a part thereof.
Description. DROP POLICY removes the specified policy from the table. Note that if the last policy is removed for a table and the table still has row-level security enabled via ALTER TABLE , then the default-deny policy will be used.
As I understand a rule would generate additional queries - so a rule could not suppress the original query.
Not really - it could be an INSTEAD rule:
CREATE RULE shoe_del_protect AS ON DELETE TO shoe DO INSTEAD NOTHING; (an example on that same page of the manual).
Another way is to REVOKE delete privileges on the table in question and to create stored procedure(s) for deleting... and updating and inserting also probably.
78
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
