I would like to create an enforced append only table in my postgres db. After a bit of research, I realized that a solution that will answer my requirements will be to revoke ALL operations on that table from ALL roles and then run an insert priveleges to all these roles, like so:
REVOKE ALL ON TABLE ticket_trail FROM PUBLIC;
GRANT INSERT ON TABLE ticket_trail TO PUBLIC;
but that doesn't seem to work. I think that revoking it from PUBLIC does not revoke it from my admin user or other users that I have.
How can I revoke ALL from ALL roles and then GRANT INSERT to all these roles again? Any better ways to achieve an enforced append only table?
Better add a
before update or delete
trigger with a trivial trigger function that returnsnull
. This will work for all users regardless of their roles and privileges.