Discussion:
Prevent delete on all tables
(too old to reply)
m***@gmail.com
2013-01-08 09:48:10 UTC
Permalink
Hi, please I would know if there's a way to prevent the deletion on all tables using the triggers (for example) without exceptions.

I tried "transaction rollback" but it throws an error.

Thanks,
Matteo
Erland Sommarskog
2013-01-08 20:40:49 UTC
Permalink
Post by m***@gmail.com
Hi, please I would know if there's a way to prevent the deletion on all
tables using the triggers (for example) without exceptions.
I tried "transaction rollback" but it throws an error.
If you invent your syntax, that usually results in an error. A vile trigger
could look like this:

CREATE TRIGGER nono_tri ON tbl INSTEAD OF DELETE AS
RAISERROR ('Deletes on this table are not permitted!', 16, 1)
ROLLBACK TRANSACTION
RETURN

You need to put this on every table. There is no provision for a general
database trigger that applies to all tables.
--
Erland Sommarskog, SQL Server MVP, ***@sommarskog.se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
m***@gmail.com
2013-01-09 14:00:33 UTC
Permalink
Post by Erland Sommarskog
Post by m***@gmail.com
Hi, please I would know if there's a way to prevent the deletion on all
tables using the triggers (for example) without exceptions.
I tried "transaction rollback" but it throws an error.
If you invent your syntax, that usually results in an error. A vile trigger
CREATE TRIGGER nono_tri ON tbl INSTEAD OF DELETE AS
RAISERROR ('Deletes on this table are not permitted!', 16, 1)
ROLLBACK TRANSACTION
RETURN
You need to put this on every table. There is no provision for a general
database trigger that applies to all tables.
--
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
I used "ROLLBACK TRANSACTION" not "transaction rollback", but also with RAISEERROR if I launch the command using .NET I obtain an exception.

I want a silent operation, no deletetion without errors, to support
the legacy application.

Thanks,
Matteo
Erland Sommarskog
2013-01-09 21:02:59 UTC
Permalink
Post by m***@gmail.com
I want a silent operation, no deletetion without errors, to support
the legacy application.
OK. In that case, take out the RAISERROR and ROLLBACK TRANSACTION and
keep the RETURN. It will be very silent.
--
Erland Sommarskog, SQL Server MVP, ***@sommarskog.se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
m***@gmail.com
2013-01-09 21:54:33 UTC
Permalink
Post by Erland Sommarskog
Post by m***@gmail.com
I want a silent operation, no deletetion without errors, to support
the legacy application.
OK. In that case, take out the RAISERROR and ROLLBACK TRANSACTION and
keep the RETURN. It will be very silent.
Perfect, it works but I had no doubt to find the solution here :)

Thanks,
Matteo
rpresser
2013-01-09 06:33:03 UTC
Permalink
Post by m***@gmail.com
Hi, please I would know if there's a way to prevent the deletion on all tables using the triggers (for example) without exceptions.
I tried "transaction rollback" but it throws an error.
"ROLLBACK TRANSACTION" is the proper term; but it is not really the appropriate way.

You may want to look at having people use the db_datareader role if they only need readonly access to the database. Or, if you need insert and update allowed and delete denied, you could use DENY DELETE on each table, which might be simpler than creating a trigger on each table.
Erland Sommarskog
2013-01-09 08:39:49 UTC
Permalink
Post by rpresser
You may want to look at having people use the db_datareader role if they
only need readonly access to the database. Or, if you need insert and
update allowed and delete denied, you could use DENY DELETE on each
table, which might be simpler than creating a trigger on each table.
DENY is not going to stop db_owner or sysadmin...
--
Erland Sommarskog, SQL Server MVP, ***@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
rpresser
2013-01-10 07:17:56 UTC
Permalink
Post by Erland Sommarskog
DENY is not going to stop db_owner or sysadmin...
Neither is the RETURN trigger, in a real sense; if you are dbo or sysadmin
you can remove the trigger, do your deletes, dump the transaction log,
erase the backups, then put back the trigger and get away scot free.

But I doubt stopping dbo or sysadmin is really necessary.
Erland Sommarskog
2013-01-10 08:47:18 UTC
Permalink
Post by rpresser
Post by Erland Sommarskog
DENY is not going to stop db_owner or sysadmin...
Neither is the RETURN trigger, in a real sense; if you are dbo or sysadmin
you can remove the trigger, do your deletes, dump the transaction log,
erase the backups, then put back the trigger and get away scot free.
Correct. However, the trigger can stop accidental deletes, or someone who
does know what he is doing.
--
Erland Sommarskog, SQL Server MVP, ***@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
Continue reading on narkive:
Loading...