Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Prevent delete/update for tables by even superadmin/dba?

There are some mission critical tables which i need to ensure never get deleted or edited. only possible action is to read from it and the dba can add more rows. That's it.

Now for added security i want to prevent even the dba from being able to delete/alter the records, so basically no one can ever delete or alter a record, no super admin also. These tables are critical for activity tracking of certain type of users who's data i need to preserve indefinitely and some are critical lookup tables. So a mixture of system locked values and user tracked values.

Idea is if someone wants to destroy the data they need to kill that database. Is there a way to do this?

like image 758
Markus Avatar asked Nov 27 '10 08:11

Markus


2 Answers

No, not possible, the superuser is always in control of the database. You could REVOKE update and delete permissions, but a superuser can always GRANT these permissions to himself again.

like image 165
Frank Heikens Avatar answered Sep 21 '22 07:09

Frank Heikens


There is no way you can prevent a superuser to do something. The only thing you can do is prevent ANY user from ACCIDENTALLY deleting or updating the records. This can be achieved by creating rule on update and on delete.

CREATE [ OR REPLACE ] RULE name AS ON event  
    TO table [ WHERE condition ]  
    DO [ ALSO | INSTEAD ] { NOTHING | command | ( command ; command ... ) }  

See this link for reference.

like image 27
Max Avatar answered Sep 19 '22 07:09

Max