Prevent table deletion / updating even with superadmin / dba?

Question

Prevent table deletion / updating even with superadmin / dba?

There are some critical critical tables that I must ensure that they are never deleted or edited. the only possible action is to read it, and dba can add more lines. It.

Now, for added security, I want even dba to not be able to delete / change entries, so basically no one can delete or modify an entry except super administrator. These tables are critical for tracking the activity of certain types of users for whom I must store data indefinitely, and some are critical search tables. Thus, a mixture of system lock values and user-tracked values.

The idea is that someone wants to destroy the data necessary to destroy this database. Is there any way to do this?

+5

database mysql postgresql

Markus Nov 27 '10 at 8:10

source share

3 answers

Frank heikens · Answer 1 · 2010-11-27T09:23:33+0000

No, it is impossible, the superuser always controls the database. You can REVOKE update and remove permissions, but the superuser can always transfer these permissions to himself again.

Max · Answer 2 · 2010-11-27T16:08:37+0000

It is impossible to forbid the superuser to do something. The only thing you can do is to prohibit the user from ANY RANDOMLY deleting or updating records. This can be achieved by creating a rule for updating and removal.

CREATE [ OR REPLACE ] RULE name AS ON event  
    TO table [ WHERE condition ]  
    DO [ ALSO | INSTEAD ] { NOTHING | command | ( command ; command ... ) }

See the link for reference.

Martin · Answer 3 · 2010-11-27T11:48:02+0000

MySQL .

, , (, "WITH GRANT OPTION" ). , .

, MEMORY. , ( ) , . , DBA "skip-grant", , . ( , root .)

, .

Prevent table deletion / updating even with superadmin / dba?

More articles: