Re: "Write once-Read many" table ?
Date: Sat, 01 Mar 2008 18:53:08 -0600
> For legal reasons, we would like to create tables where one can
> insert, select but never never delete nor update.
> I know we can prevent delete and update with revoke grants or with
> triggers but this is not satisfactory because grants can be re-granted
> and triggers can be dropped.
> We want to make sure that a line inserted will never be changed - even
> by the owner of the schema or by SYS or by any powerful dba.
> Is there a way to achieve this ?
> Is there a module to ensure this (database vault...) ?
> Thank you in advance
The only real way to make it absolutely unchangeable is the media to which it is written. In note Note:33402.1 is a description of how to write to a WORM drive (may be obsolete and slow!!) but should provide the security necessary. OR - use TRIGGERS that are configured to write to a log file on a WORM device for ANY Changes - thus ensuring the "paper trail".
All of that said, with every facet of security that you can configure, someone can and most likely will find a way to defeat it. Received on Sat Mar 01 2008 - 18:53:08 CST