Re: "Write once-Read many" table ?

From: Michael Austin <maustin_at_firstdbasource.com>
Date: Sat, 01 Mar 2008 18:53:08 -0600
Message-ID: <MRmyj.8158$Mw.7266@nlpi068.nbdc.sbc.com>

jm.scheiwiler_at_gmail.com wrote:
> Hello,
>
> For legal reasons, we would like to create tables where one can
> insert, select but never never delete nor update.
>
> I know we can prevent delete and update with revoke grants or with
> triggers but this is not satisfactory because grants can be re-granted
> and triggers can be dropped.
>
> We want to make sure that a line inserted will never be changed - even
> by the owner of the schema or by SYS or by any powerful dba.
>
> Is there a way to achieve this ?
> Is there a module to ensure this (database vault...) ?
>
> Thank you in advance
>
> Jean-Michel

The only real way to make it absolutely unchangeable is the media to which it is written. In note Note:33402.1 is a description of how to write to a WORM drive (may be obsolete and slow!!) but should provide the security necessary. OR - use TRIGGERS that are configured to write to a log file on a WORM device for ANY Changes - thus ensuring the "paper trail".

All of that said, with every facet of security that you can configure, someone can and most likely will find a way to defeat it. Received on Sat Mar 01 2008 - 18:53:08 CST

This message: [ Message body ]
Next message: meysam.khayatan_at_gmail.com: "Migration to Oracle"
Previous message: Michael Austin: "Re: Installing Oracle"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message