As far as making a table read-only, one of the things you can do is create a separate filegroup and build that table in the filegroup. Then use the ALTER DATABASE command and set the filegroup to read-only.

The one catch to this is that you may have to undo the read-only status prior to applying a service pack. Remove read-only, apply the service pack, and then reapply the read-only status would be the procedure there.

As far as preventing tables from being dropped or users from being added, I think this goes back to trust. Just as you have to trust whoever is holding domain admin rights (or enterprise admin rights for that matter), you are going to have to trust your senior DBAs. Junior DBAs can have reduced permissions, but you'd expect your senior DBAs not to go making changes without careful planning.

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide to SQL Server Performance Monitoring

http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1