Re: "Write once-Read many" table ?

On Feb 28, 8:26 am, DA Morgan <damor..._at_psoug.org> wrote:
> jm.scheiwi..._at_gmail.com wrote:
> > Hello,
>
> > For legal reasons, we would like to create tables where one can
> > insert, select but never never delete nor update.
>
> > I know we can prevent delete and update with revoke grants or with
> > triggers but this is not satisfactory because grants can be re-granted
> > and triggers can be dropped.
>
> > We want to make sure that a line inserted will never be changed - even
> > by the owner of the schema or by SYS or by any powerful dba.
>
> > Is there a way to achieve this ?
> > Is there a module to ensure this (database vault...) ?
>
> > Thank you in advance
>
> > Jean-Michel
>
> You are incorrect in your assumptions.
>
> You can absolutely lock down a database with triggers so that grants
> can not be made: Even by SYS AS SYSDBA. Audit Vault and Database
> Vault are perfect examples of how to do this.

If you can lock down a database as completely as you suggest Audit Vault (secure storage for audit logs) would be a waste of money surely. What happens to a database vault protected database if someone starts it up with a different password file? I think you'll find that sysdba wll work just fine - check out the official advice on what to do if you forget the Database Vault Owners password for example.

Niall Litchfield
http://www.orawin.info Received on Sun Mar 02 2008 - 08:11:16 CST