---
id: resolve-audit-logs-ownerid-cascade
name: Resolve audit_logs.ownerId NOT NULL + SET NULL contradiction
status: completed
depends_on: []
scope: narrow
risk: critical
impact: component
level: implementation
---

## Description

`audit_logs.ownerId` is declared `text NOT NULL` in `identity.md:112` but has `onDelete: SET NULL` in `table-reference.md:71`. PostgreSQL will reject the DELETE because it cannot nullify a NOT NULL column.

## Decision (D1)

**Change cascade to RESTRICT**. Audit trails should prevent account deletion — this follows the "audit/traceability data: RESTRICT" cascade pattern. Accounts with audit entries cannot be hard-deleted. Account deactivation (via the new `status` column, D5) is the path for handling departed users.

## Acceptance Criteria

- [ ] `audit_logs.ownerId` cascade is changed from `SET NULL` to `RESTRICT` in `table-reference.md:71`
- [ ] `identity.md` documents that `ownerId` is NOT NULL with RESTRICT cascade, explaining that accounts with audit entries cannot be deleted
- [ ] The rationale is documented: "audit trails must preserve accountability; RESTRICT prevents data integrity violations and ensures audit completeness"
- [ ] Note about operational implication: "accounts with audit entries are deactivated (status: suspended/deactivated) rather than deleted"
- [ ] Cross-reference to D5 (account deactivation via status column)

## References

- docs/reviews/storage-architecture-review-2026-04-21.md#C01
- docs/decisions/storage-spec-phase1-resolutions.md#D1
- docs/architecture/storage/identity.md:112
- docs/architecture/storage/table-reference.md:71

## Notes

> To be filled by implementation agent

## Summary

> To be filled on completion