Can I prevent update or delete on an Oracle DB?

Question

I have to implement a financial application. One of the acceptance criteria is:

"The data may never change."

Therefore I need to prevent update and delete operations on the database, because it will be deployed on machines owned and administrated by the customer.

Is this even possible? Maybe with triggers? If not, are there any other databases that can prevent update and delete ?

Answer 1

The easiest way is via roles, such as a query role. Grant select on the list of tables to that role, and grant that role to the user of your application. You can of course create others such as an admin role with update and delete privileges, to be granted later on when needed.

Example:

CREATE ROLE FIN_APP_INS_SEL_ROLE;                                   
GRANT INSERT, SELECT on <table1> to FIN_APP_INS_SEL_ROLE;
GRANT INSERT, SELECT on <table2> to FIN_APP_INS_SEL_ROLE;
GRANT CONNECT, FIN_APP_INS_SEL_ROLE to <app_user>; 

You can also make tablespaces read only,

ALTER TABLESPACE <name> READ ONLY;

or the entire database read only.

ALTER DATABASE OPEN READ ONLY;

Answer 2

It turns out to be impossible.

There is no way to grant an INSERT privilege without allowing to UPDATE . As I understand it, the INSERT privilege is interpreted as may alter data of that table .