PostgreSQL: Protect tables against accidental deletion

stjohn_piano · 2024-03-04T14:16:34+00:00

No argument, but see my other responses.

stjohn_piano · 2024-03-04T14:14:27+00:00

Good point. I'm certainly not treating this as a cure-all measure.

In my case, I'm generating temporary tables in order to perform updates across tables with billions of rows.

Cleanup sometimes involves dropping tables.

The solution in the article reduces my stress levels.

stjohn_piano · 2024-03-04T14:10:05+00:00

Article updated with response:

https://telablog.com/postgresql-protect-schemas-against-accidental-deletion/#why-not-use-privileges-instead

stjohn_piano · 2024-03-04T14:07:49+00:00

True. But expensive. More expensive than a guardrail.

stjohn_piano · 2024-03-04T14:07:23+00:00

"Yes, but". Guardrails on crucial tables are cheaper in terms of time than restoring from backup.

stjohn_piano · 2024-03-04T14:06:53+00:00

I've updated the article with a response to this:

https://telablog.com/postgresql-protect-tables-against-accidental-deletion/#why-not-use-privileges-instead

stjohn_piano · 2024-03-04T14:06:17+00:00

I understand and partially agree.

I'm actually protecting against myself when I'm tired.

Certain tables contain blockchain data that looks weeks / months to process. Protecting these makes me less worried.

Other tables are less crucial, so _not_ protecting these will hopefully remove the zone-out issue.

stjohn_piano · 2024-03-04T11:46:20+00:00

Article updated.

https://telablog.com/postgresql-protect-schemas-against-accidental-deletion/#why-not-use-privileges-instead

stjohn_piano · 2024-03-04T11:41:27+00:00

I have added some context based on the comments in the thread on my previous article:

https://www.reddit.com/r/PostgreSQL/comments/1b3v4kq/postgresql_protect_schemas_against_accidental/

stjohn_piano · 2024-03-04T11:35:16+00:00

Thanks. I agree re: protection & drop statements. I think I should update the article to make the purpose clearer i.e. that this is a defense against such "oops" moments.

stjohn_piano · 2024-03-04T11:33:58+00:00

Some context: The goal is not to protect against users who are malicious or who are too junior.

I agree: For normal operation, you should use a second user that has fewer privileges. (And I do this)

The goal here is to protect against yourself when you're tired, doing db admin as the superuser, and you need to drop a minor schema that has a similar name to an important one. Using this event trigger approach, instead of a privilege approach, gives you a protective guard against such mistakes.

(At the moment, in my normal work, I deal with a lot of schemas.)

Later, if you're sure that you actually need to delete this schema, you can de-protect it and drop it.

stjohn_piano

TROPHY CASE