rpfelgueiras (3/10/2011)
Hi!!Today I had a problem with an important table on my database.
Someone updated all rows in that table, by mistake, because he did not put the where clause.
I'm wondering if exists some way to ensure that everyone use the Where clause on this table, with some kind of trigger. Is that possible?
Thks, excuse my rusty english
The real answer is, of course, only allow access to the table through stored procedures that you control!
MM
select geometry::STGeomFromWKB(0x0106000000020000000103000000010000000B0000001000000000000840000000000000003DD8CCCCCCCCCC0840000000000000003DD8CCCCCCCCCC08408014AE47E17AFC3F040000000000104000CDCCCCCCCCEC3F9C999999999913408014AE47E17AFC3F9C99999999991340000000000000003D0000000000001440000000000000003D000000000000144000000000000000400400000000001040000000000000F03F100000000000084000000000000000401000000000000840000000000000003D0103000000010000000B000000000000000000143D000000000000003D009E99999999B93F000000000000003D009E99999999B93F8014AE47E17AFC3F400000000000F03F00CDCCCCCCCCEC3FA06666666666FE3F8014AE47E17AFC3FA06666666666FE3F000000000000003D1800000000000040000000000000003D18000000000000400000000000000040400000000000F03F000000000000F03F000000000000143D0000000000000040000000000000143D000000000000003D, 0);
rpfelgueiras (3/10/2011)
Thks about your answers, but I have a question (i'm newbie in this kind of stuff): on my post i'm talking about updates, and not about deletesCan I do this to update too? It works by the same way?
Oh, my bad! Sorry, I must have missed it from the start.
However, it works for updates as well. You will have to play with counts from the physical table and the DELETED logical table (it will hold all rows modified).
I suppose that for some reason you can't deny direct access to the table: it happended to me some years ago and I ended up coding a trigger to capture and reject all modifications from SSMS, unless explicitly requested by setting a CONTEXT_INFO:
CREATE TRIGGER MyTrigger
ON MyTable
FOR INSERT,DELETE,UPDATE
AS
BEGIN
SET NOCOUNT ON;
DECLARE @program_name nvarchar(128)
SELECT @program_name = program_name
FROM sys.dm_exec_sessions
WHERE session_id = @@spid
-- Is it SSMS?
IF @program_name LIKE '%Management%Studio%'
BEGIN
IF CONTEXT_INFO() IS NULL OR CONTEXT_INFO() <> 0xCAFEBABE
BEGIN
-- Accidental update? No, thanks.
RAISERROR('No updates allowed here!!',16,1)
ROLLBACK
RETURN
END
ELSE
BEGIN
-- Explicit update, let through and reset CONTEXT_INFO.
SET CONTEXT_INFO 0x0
END
END
END
GO
--- Script to allow updates from SSMS:
SET CONTEXT_INFO 0xCAFEBABE
UPDATE MyTable
SET SomeField = 1
WHERE Id = 100
It doesn't prevent people from messing with data with a bad query (or intentionally), but it prevents accidental updates. Also, the error message you get when a query is issued without setting CONTEXT_INFO reminds you that this is a VERY important table and you should update it carefully.
-- Gianluca Sartori
instead stopping scripts without WHERE clause for a particular table (which we do by triggers),
is there a way like parsing all queries running on SSMS which doesnt have a WHERE clause, may be by any add-on parser tool, which does for us.?
Viewing 11 posts - 1 through 11 (of 11 total)
You must be logged in to reply to this topic. Login to reply