问题
I am wondering if is there a way to make a table writable only by an specific trigger in SQL Server or Oracle DB. Just to make an example:
Table: "Operation"
ID | Date | Account1_ID | Account2_ID | Amount
Table: "Transactions"
ID | Date | Account | Debt | Credit
What I want to ensure is that the Transactions table only receive data from a trigger in the Operation table.
Is there a way to achieve that?
回答1:
Execute As allows you to create a trigger that runs as a user different to the current user. So you can create a separate user who has write access to your TRANSACTIONS table, and execute the trigger as that user.
If no other users have write access, only the trigger user can modify the data.
Of course you then need to make sure nobody can log in as that user, and that you can trust your DBA to manage the account.
回答2:
If you're looking for a solution that does something like alter table TRANSACTIONS read only inside of a trigger you're going to be disappointed because you can't include DDL inside of a trigger due it giving an implicit commit (this is a very good thing).
I guess the real question you have to answer is what you really mean by only receive data from a trigger in the operation table. Are you afraid of other users inserting data directly into that table? What does your application logic do? Does it handle this?
来源:https://stackoverflow.com/questions/27228709/sql-server-oracle-table-writable-only-by-a-trigger