views:

71

answers:

4

Within SQL Server 2005, is there a way, with a single statement, to deny delete on rows in a particular table for all users of the database?

A: 

Kind of extreme, but you can look at an INSTEAD OF DELETE trigger to ignore the deletions. You could raise an error similar to 'delete access ... denied'

Obviously users with db_owner access privileges could drop the trigger

nonnb
A: 

if you want to row based restriction create a table (for lock) and insert ids of rows that you want to protect. and create a relation.

MahmutHAKTAN
+3  A: 

try this:

CREATE TRIGGER yourTriggerName ON YourTableName
INSTEAD OF DELETE
AS

    ROLLBACK
    RAISERROR('ERROR, DELETEs not permitted in YourTableName!!!',16,1)
    RETURN

go

working sample:

CREATE TABLE XYZ  (RowID int)
INSERT XYZ VALUES(1)
INSERT XYZ VALUES(2)
go 

CREATE TRIGGER yourTriggerName ON XYZ
INSTEAD OF DELETE
AS

    ROLLBACK
    RAISERROR('ERROR, DELETEs not permitted in XYZ!!!',16,1)
    RETURN

go

delete XYZ

OUTPUT:

Msg 50000, Level 16, State 1, Procedure yourTriggerName, Line 6
ERROR, DELETEs not permitted in XYZ!!!
Msg 3609, Level 16, State 1, Line 1
The transaction ended in the trigger. The batch has been aborted.
KM
A: 

Only triggers (or refactor your security/permission model)

One example where permissions won't help: If you have stored procs that delete rows, and both the proc/table have the same owner, table permissions will not be checked, even DENY. See ownership chaining. So users can delete or change data without any rights on the table at all.

gbn