tags:

views:

79

answers:

7
+3  Q: 

Is there a way to prevent Triggers from being disabled?

I have a trigger on a table that should never be disabled. It performs certain checks and there have been occasions when other developers have disabled it to get around it. This is not good so I want to be able to turn off trigger disablement on this table alone. Is this possible? If not, any suggestions please. thanks.

WORKAROUND: Seems from peeps responses that it's not possible to prevent it. Maybe getting an alert would be suitable. This is a good article, shame it doesn't work with EventData though. Maybe in 2008, this is resolved: http://www.simple-talk.com/sql/database-administration/dml-trigger-status-alerts/

+2  A: 

No. Disabling is an admin operation and as such can not be prevented. You can check whether triggers are disabled by code.... but not prevent disabling.

Makes sense, even for example for developers (during debugging).

TomTom  2010-06-17 10:07:48
Maybe just checking is the way forward. i.e. Report them using a DDL trigger or something. But apparently the EVENTDATA doesn't work 100% of the time. see my link above. Thanks though, got me thinking.
HAdes  2010-06-17 10:54:17
+7  A: 

You don't have a technical problem, you have a social problem.

Who are these "other developers"?

Why are they adjusting the triggers?

What is their purpose?

What's wrong with the trigger?

You should talk to them and learn what their problem is.

Don't waste time on looking for a technical "solution" that will only make the problem worse or more complex. Find the people. Talk with them.

S.Lott  2010-06-17 10:08:46
Yes i agree, in an ideal world people would listen and wouldn't cut corners. But that's reality. In this situation, we have documentation on how to deal with getting around the trigger, rather than disabling it (i.e. set a flag) but obviously certain developers know better.
HAdes  2010-06-17 10:53:01
And remove DDL permissions if it's production.
gbn  2010-06-17 11:17:37
@HAdes: I have no idea what your comment means. In the **real** world, people do not cooperate (hence your question) and you need to talk with them to get them to cooperate. In some fantasy world, documentation might help. In the **real** world you have to really talk with the real people and find out why they're really disabling the trigger.
S.Lott  2010-06-17 14:15:59
So why have any controls in place whatsoever? If all we ever need to do is talk to people to ask them to cooperate then we can just tell them to not drop databases/tables/sps or not to go and delete files from the file server and we can just remove permissioning completely, allowing everyone to roam freely. In my opinion, sometimes you have to enforce rules.
HAdes  2010-06-17 14:35:51
@HAdes: You **must** enforce the rules. You enforce the rules by **talking**. Find out why they're trying to break the rules. Find out if the rules are wrong. You enforce the rules by meeting with people and assuring that they understand the rules and are able to follow them. I **never** said there are no rules. I said you must **talk** with people.
S.Lott  2010-06-17 22:03:08
It's good to talk, i agree. Just not in this situation.
HAdes  2010-06-18 09:00:58
@HAdes: Since there are **no** technical means, you **must** talk.
S.Lott  2010-06-18 09:58:20
+1  A: 

Maybe You can create another user, grant select/insert/update/delete on additional tables to new user. Or, You can revoke access to triggers to your user, which owns tables.

ksogor  2010-06-17 10:09:37
+4  A: 

Any solution you put in place can be disabled by developers anyway, such as DDL triggers

The only solutions are

  • remove rights to disable the triggers
  • sack/shoot/hurt the developers if they won't change
gbn  2010-06-17 11:20:19
+1 - I successfully used the DDL triggers - not that I disabled any DDL changes but also logged the attempts and reviewed on daily basis. Yes, simply revoking permissions is the right thing to do but political situations may not allow this.
IMHO  2010-06-17 17:32:00
+3  A: 

Developers should not have admin rights to a production database. They should not be able to disable triggers because they should not have the rights on prod to do anything except select.

What is the problem with the trigger(s) that people feel the need to disable it? It is badly written? Does it not handle multiple rows correctly? Does it prevent something from happening that they need to happen?

In this situation, we have documentation on how to deal with getting around the trigger, rather than disabling it (i.e. set a flag) but obviously certain developers know better.

This indicates to me that the trigger itself is a problem. Rewrite it so there does not need to be a workaround.

Based on a comment

Add an over-ride trigger field to your data. When you want to override it, send in a value of 1, if the inserted table has a value of one, then have an if stament that ignores the parts of the trigger you need ignored for those records but that then goes on and does the other trigger operations. At the end reset the value of the override field to null.

Alternatively, put the audit triggers in separate triggers, so when they disable the one they need to temporarily disable, the audit triggers still run.

Or take the "sometimes we run it stuff" out of the trigger altogether and add it to the processes that insert records where you want it to run and not to the others.

HLGEM  2010-06-17 15:17:54
We need logic in the trigger which prevents data from being edited after a date set in another table. Sometimes, however, at management requests we have to override this and allow editing. Disabling the trigger then means we lose the other stuff in the trigger, such as auditing. I can't see how this could be re-written any other way.
HAdes  2010-06-18 09:06:20
+2  A: 

I tend to agree with HLGEM's comment. You are probably doing the wrong thing in a trigger and that's why people feel the need to circumvent it. So get rid of it or rewrite it. I say "probably" because almost all triggers are unnecessary and triggers are usually a poor place to put data manipulation code. Triggers that enforce business rules without modifying data are reasonable enough. Triggers that actually do UPDATEs, INSERTs and DELETEs are generally much more trouble than they are worth and can nearly always be replaced with better alternatives.

dportas  2010-06-17 18:42:17
A: 

Whenever possible, use constraints, and make sure that they are trusted.

AlexKuznetsov  2010-06-17 18:53:53

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?