Re: "Write once-Read many" table ?

From: DA Morgan <damorgan_at_psoug.org>
Date: Thu, 28 Feb 2008 00:26:49 -0800
Message-ID: <1204187208.859751@bubbleator.drizzle.com>

jm.scheiwiler_at_gmail.com wrote:
> Hello,
>
> For legal reasons, we would like to create tables where one can
> insert, select but never never delete nor update.
>
> I know we can prevent delete and update with revoke grants or with
> triggers but this is not satisfactory because grants can be re-granted
> and triggers can be dropped.
>
> We want to make sure that a line inserted will never be changed - even
> by the owner of the schema or by SYS or by any powerful dba.
>
> Is there a way to achieve this ?
> Is there a module to ensure this (database vault...) ?
>
> Thank you in advance
>
> Jean-Michel

You are incorrect in your assumptions.

You can absolutely lock down a database with triggers so that grants can not be made: Even by SYS AS SYSDBA. Audit Vault and Database Vault are perfect examples of how to do this.

-- 
Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org

Received on Thu Feb 28 2008 - 02:26:49 CST

This message: [ Message body ]
Next message: DA Morgan: "Re: 10.2.0.4"
Previous message: DA Morgan: "Re: How secure is ASM? any encryption possible?"
In reply to: jm.scheiwiler_at_gmail.com: ""Write once-Read many" table ?"
Next in thread: jm.scheiwiler_at_gmail.com: "Re: "Write once-Read many" table ?"
Reply: jm.scheiwiler_at_gmail.com: "Re: "Write once-Read many" table ?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message