Home
Join

10 Replies

  • Most databases can have access levels for users or processes set to read only. This vendor however may require full access to the db and certain tables in order to function properly. You are trying to compare apples to oranges here.

    Spice (4) flagReport
    1 found this helpful thumb_up thumb_down
  • Databases also store metrics and configurations for applications. Some store documents and images. It is rare that a database can be set to read only. As stated by Rockn, many users can have read only access so they cannot add any information. But the application usually needs to keep the database fields updated.

    Spice (3) flagReport
    1 found this helpful thumb_up thumb_down
  • The broad answer is "yes," but without sufficient details, it's impossible to give you a useful answer.  You don't specify what you asked your vendor to do, how to do it, why, and what the constraints of the application are (because remember, it's not just a database).

    In a sense, your question was akin to "can a car be made to go faster?  The mechanic tells me 'no.'"

    Broadly, yes, a car can theoretically be made to go faster than its rated output, speedometer limit, etc.  But is it wise?  Is it practical?  Is it cost-effective?  Is it even within the bounds of physics, physical limitations, or safety for that particular vehicle?  What liability would the mechanic incur if he/she did *something* to make your Ford Focus hit 205 mph?

    What kind of drivetrain and motor would have to be shoved into that Focus to make that happen?  What kind of fuel?  Does the engine compartment have enough room for that to even be reality?  What about brakes?  Do you have enough physical space to install an appropriate braking system that could slow down and stop a Focus that hits 205 mph?  How about aerodynamics?  What kind of spoiler would you need to keep the thing from flying off into the air and landing on its roof?

    Spice (5) flagReport
    Was this post helpful? thumb_up thumb_down
  • Thanks, guys. This does answer my question since it really was in the broadest and most general sense. I understand some fields may still need to writable such as access records and permission modification. I appreciate the time taken for input. To go along with Fessor's comment, this database is storing the equivalent of documents and images- that's all we're asking to be able to set to read only.

    Thanks again.

    Was this post helpful? thumb_up thumb_down
  • Yeah, it really depends on how the application behaves.

    Most databases store metrics and other operational data in system tables.  These must be read-write at all times.  Most applications store data in special containers, and depending on how the application works it could break if set to read-only.

    As an example, our ERP runs over Oracle (the actual database doesn't matter).  The data for the ERP lives in a container.  The data for job scheduling and reports lives in a different container.  I can set the ERP data to read-only and users can run reports but they cannot change data.  If, however, the job and report data lived in the same container (or if I made that read-only as well) the system would break because no reports could be added.

    It really depends on how the application is separating data, not to mention how it handles database exceptions when a user tries to add or change information that lives in a read-only area.

    If your vendor is telling you it can't be done, it likely has to do with how they store metadata or, possibly queries - making the application unusable.

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • The application always needs to connect to the database with some sort of login.  You could always deny write access to those certain tables for that login.  Could it break the application?  Possibly.

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • Insofar as SQL Server is concerned, it is a far better practice to control read/write ability using permissions for various Users on the databases (or as part of the security in the software itself), rather than making the database itself read-only.  Read-only generally comes into play using certain high availability options.  That is more instance level than software level.

    I imagine other database engines are similar.

    Spice (4) flagReport
    Was this post helpful? thumb_up thumb_down
  • Larry Shanahan wrote:

    Insofar as SQL Server is concerned, it is a far better practice to control read/write ability using permissions for various Users on the databases (or as part of the security in the software itself), rather than making the database itself read-only.  Read-only generally comes into play using certain high availability options.  That is more instance level than software level.

    I imagine other database engines are similar.

    Yes, and I just made an edit to my original post for clarification, and I apologize if I caused any confusion leaving out this info, but this would be using the database management interface, not doing something crazy like setting the file system permission of the database file to read-only, which I know in most cases (if not all) would not work.

    Was this post helpful? thumb_up thumb_down
  • Larry Shanahan wrote:

    Insofar as SQL Server is concerned, it is a far better practice to control read/write ability using permissions for various Users on the databases (or as part of the security in the software itself), rather than making the database itself read-only.  Read-only generally comes into play using certain high availability options.  That is more instance level than software level.

    I imagine other database engines are similar.

    This ^^^^ is unique to SQL Server, because its concept of "permissions" mimic Windows filesystem permissions, which allows the administrator to deny writes to the data owner.  With most databases, there is no [logical] way to prevent the owner from writing.  There are, generally, two ways to "fix" this:

    1. Create a new user with permissions to read the other owner's data
    2. Set the data container to read-only
    EDIT:  Just saw previous post regarding file permissions.  This has nothing to do with data access.  That all has to go through the engine.  Changing file permissions would mess with the entire database - and you never want to do that.
    Spice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • It's also worth noting that you can set a connection to a database server to be read-only such that, even if the database user in question has read-write permissions on a table, they will not be able to write to that table as the connection itself is specifying to only process commands that only require read access (like a SELECT statement).

    It's kind of like how you can give someone full permission to a folder on a system locally through the file system permissions but only allow them read permission if accessing that same folder though a network share.

    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down

Read these next...

  • Spark! Pro series – 23rd May 2022

    Spark! Pro series – 23rd May 2022

    Spiceworks Originals

    Happy Monday!  Welcome to the Monday Spark!  Grab a cup of Coffee and read on! To start things off… A Monday Quotes Top 10. 1. Monday should be optional. 2. Good morning. Keep calm and pretend it’s not Monda...

  • Need help preparing company computers for sale (intune)

    Need help preparing company computers for sale (intune)

    Windows

    Hi Folks,              The Company I work for has just sold off its sales operation. As part of the sale, several laptop & desktop computers that were used in the sales department will be taken to the new companyMy Director has asked me to effectively pre...

  • IP Camera Monitoring System REQUIREMENT

    IP Camera Monitoring System REQUIREMENT

    Hardware

    Hello,I have:1- 150 HIKVISION IP camera 4MP 2- 5*32-CH HIKVISION NVR I want to display a live view of the 150 camera on a video wall.What is the additional required devices should I have?I think I just need a video wall controller and a high performance p...

  • What do you geek out about?

    What do you geek out about?

    Spiceworks

    In honor of Geek Pride day on May 25th, we want to know about your unique hobbies and interests and all the things you could spend hours talking about.Are you a huge comic book fan?  Do you love creating megastructures out of LEGO bricks?  Are you int...

  • Snap, AD auth fixes, Canada bans Huawei, Linux, space lasers, & Daredevil

    Snap, AD auth fixes, Canada bans Huawei, Linux, space lasers, & Daredevil

    Spiceworks Originals

    Your daily dose of tech news, in brief. Welcome to not only Friday, but according to Lonny6654 who wrote today's community-created Spark article, it is also World Bee Day. To raise awareness of the importance of pollinators, the threats they face, ...