How to Create and Manage Ledger Tables in SQL Server

In today’s world of strict regulatory compliance and increased scrutiny over data integrity, having mechanisms to prove the authenticity of your data is essential. SQL Server 2022 introduces Ledger tables, a groundbreaking feature that ensures your data is immutable and tamper-evident. Ledger tables provide cryptographic assurance that data has not been altered, deleted, or tampered with, creating a trusted audit trail for applications in finance, healthcare, supply chain, and other sectors that demand strict integrity controls.

This blog will explore:

• What Ledger tables are
• Types of Ledger tables
• How to create, query, and manage Ledger tables
• Commands and practical examples for using Ledger tables

---

What Are Ledger Tables?

Ledger tables are an extension of SQL Server’s system-versioned temporal tables, providing a tamper-evident history of all changes made to the data. This is achieved by maintaining cryptographic hashes of the data modifications. These hashes are stored in a ledger digest that can be periodically saved externally to prove data integrity over time. Even if an administrator attempts to alter the data, the system can detect and highlight any inconsistencies.

---

Types of Ledger Tables

1. Updatable Ledger Tables: These tables allow INSERT, UPDATE, and DELETE operations, while maintaining a historical record of all changes. Each change is cryptographically hashed and saved in the ledger.
2. Append-Only Ledger Tables: These tables only allow data insertion. Once data is inserted, it cannot be updated or deleted, providing an immutable record.

---

Creating Ledger Tables

Ledger tables are easy to create and manage. They follow the basic SQL syntax with the addition of the LEDGER clause.

1. Creating an Updatable Ledger Table

An updatable ledger table allows changes to the data but ensures that every modification is tracked and stored in the ledger history.

-- Create an Updatable Ledger Table
CREATE TABLE FinancialLedger
(
    TransactionID INT PRIMARY KEY,
    AccountID INT,
    TransactionAmount DECIMAL(12,2),
    TransactionDate DATETIME
)
WITH (LEDGER = ON);

• In this example, LEDGER = ON specifies that the table is a ledger-enabled table. SQL Server will automatically track and hash changes, and they will be captured in the history table.

2. Creating an Append-Only Ledger Table

If you want to ensure that no data modifications or deletions can occur, you can create an append-only ledger table.

-- Create an Append-Only Ledger Table
CREATE TABLE ProductLedger
(
    ProductID INT PRIMARY KEY,
    ProductName NVARCHAR(100),
    Price DECIMAL(10, 2),
    CreatedDate DATETIME DEFAULT GETDATE()
)
WITH (LEDGER = ON (APPEND_ONLY = ON));

• Here, APPEND_ONLY = ON prevents any UPDATE or DELETE operations, making it ideal for use cases like transaction logs or audit trails where data must remain immutable.

---

Querying Ledger Tables

You can query the current and historical versions of the data in a ledger table using system-versioning. This allows you to see not only the current state of the data but also its complete modification history.

Example: Querying the History of a Ledger Table

-- Query to get the history of data changes
SELECT * 
FROM FinancialLedger
FOR SYSTEM_TIME ALL;

• This query returns all current and historical versions of the rows from the FinancialLedger table, allowing you to see when and how the data was changed over time.

---

Verifying Ledger Integrity

One of the key features of Ledger tables is the ability to verify that the data has not been tampered with. SQL Server provides built-in functionality to check the integrity of the ledger.

Example: Verifying the Ledger

-- Verifying the integrity of the ledger
EXEC sp_verify_database_ledger;

• This command checks the cryptographic hashes of all ledger tables and ensures that no unauthorized modifications have occurred. The output can be used for external auditing purposes.

---

Viewing Ledger Digest

The ledger digest is a cryptographic hash that represents the state of your ledger. It is crucial for auditing and verifying the integrity of your data. You can store this digest externally for independent validation.

Example: Viewing the Ledger Digest

-- Query to view the ledger digest
SELECT * 
FROM sys.database_ledger_digests;

• This query retrieves the ledger digest, which can be exported to external systems for additional validation.

---

Managing Ledger Tables

1. Updating Data in an Updatable Ledger Table

Although the append-only ledger table doesn’t allow updates or deletions, you can modify data in updatable ledger tables. Every update creates a new version of the data in the history table.

-- Updating a row in an updatable ledger table
UPDATE FinancialLedger
SET TransactionAmount = 250.00
WHERE TransactionID = 1;

• This update will create a new version of the row in the history table, allowing you to track the evolution of the TransactionAmount.

2. Deleting Data in an Updatable Ledger Table

Just like updates, deletes are also tracked in the ledger. When you delete a row from an updatable ledger table, the deleted data is moved to the history table.

-- Deleting a row from an updatable ledger table
DELETE FROM FinancialLedger
WHERE TransactionID = 1;

• The DELETE operation is captured in the ledger, and you can still view the deleted data in the history table.

---

Dropping a Ledger Table

While ledger tables provide tamper-evident auditing, you can still drop them if necessary. However, dropping a ledger table removes its historical data and cryptographic hashes.

-- Dropping a ledger table
DROP TABLE FinancialLedger;

• This command will delete both the table and its ledger history, so consider this carefully, especially for audit-critical tables.

---

Practical Use Cases for Ledger Tables

Ledger tables are ideal for scenarios where tamper-evidence is crucial, such as:

1. Financial Institutions: Track monetary transactions and account balances with the assurance that data cannot be altered without detection.
2. Supply Chain: Maintain a complete, immutable record of product shipments and deliveries.
3. Healthcare: Ensure that patient records remain intact and unaltered while maintaining a full history of any changes.
4. Audit Trails: Regulatory compliance requires accurate and verifiable audit logs, which ledger tables can provide.

---

Conclusion

SQL Server 2022’s Ledger tables offer a powerful solution for ensuring the integrity and immutability of critical data. By cryptographically securing data modifications and providing built-in tools for verifying that no tampering has occurred, Ledger tables help organizations meet regulatory requirements and build trust in their data systems.

With the ability to create updatable or append-only ledger tables, and tools to verify and manage the ledger, SQL Server 2022 brings database security and transparency to the next level.

Start using Ledger tables today and safeguard your data against tampering!

---

For more in-depth information, visit the official Microsoft SQL Server Documentation.