deleteWithoutWhere

deleteWithoutWhere is a custom policy check that checks for the phrase "DELETE FROM" without "WHERE".

Learn how to create and customize the deleteWithoutWhere Liquibase Custom Policy Check using a Python script. For a conceptual overview of this feature, see Liquibase Pro Custom Policy Checks.

This example works for relational and non-relational databases which support this statement. You can use this check as it is or customize it further to fit your needs in your SQL or NoSQL database.

Before you begin

*Last updated: August 15, 2025*

Scope	Database
database	Any

Liquibase 4.29.0+
Python 3.10.14+
Configure a valid Liquibase Pro license key
Create a Check Settings file
Ensure the Liquibase Checks extension is installed. In Liquibase 4.31.0+, it is already installed in the /liquibase/internal/lib directory, so no action is needed.
If the checks JAR is not installed, download liquibase-checks-<version>.jar and put it in the liquibase/lib directory.

Tip: Downloading Python itself is not required to create custom checks in the Liquibase checks framework, but it may be useful to test checks against Python 3.10.14+.

Procedure

These steps describe how to create the Custom Policy Check. It does not exist by default in Liquibase Pro.

Add this code to your Checks Settings file:

deleteWithoutWhere Python Script

# # #
# # # This script ensures only changes using current schema are allowed
# # #
# # # Notes:
    # # # 1. Only checks
for schemas available in snapshot
# # #

# # #
# # # Helpers come from Liquibase
# # #
import sys
import liquibase_database
import liquibase_utilities

# # #
# # # Functions
# # #
def find_snapshot_object(object_list, type, key, value):
    ""
"Returns a snapshot object given a key (e.g., name) and attribute."
""
for object in object_list:
    if object[type][key].lower() == value.lower():
    return object
return None

# # #
# # # Retrieve log handler
# # # Ex.liquibase_logger.info(message)
# # #
liquibase_logger = liquibase_utilities.get_logger()

# # #
# # # Retrieve status handler
# # #
liquibase_status = liquibase_utilities.get_status()

# # #
# # # Retrieve JSON snapshot
# # #
liquibase_snapshot = liquibase_utilities.get_snapshot()

# # #
# # # Exit
if schema data is missing
# # #
if not "liquibase.structure.core.Schema" in liquibase_snapshot["snapshot"]["objects"]:
    liquibase_status.fired = False
liquibase_logger.warning("Schema data missing from snapshot. Check skipped.")
sys.exit(1)

# # #
# # # Retrieve schemas from snapshot
# # #
all_schemas = liquibase_snapshot["snapshot"]["objects"]["liquibase.structure.core.Schema"]

# # #
# # # Retrieve current schema name, remove from all_schemas
# # #
current_schema = liquibase_database.get_default_schema_name(liquibase_utilities.get_database())
current_schema_object = find_snapshot_object(all_schemas, "schema", "name", current_schema)
if current_schema_object != None:
    all_schemas.remove(current_schema_object)

# # #
# # # Retrieve all changes in changeset
# # #
changes = liquibase_utilities.get_changeset().getChanges()

# # #
# # # Loop through all changes
# # #
for change in changes:
    # # #
# # # LoadData change types are not currently supported
# # #
if "loaddatachange" in change.getClass().getSimpleName().lower():
    liquibase_logger.info("LoadData change type not supported. Statement skipped.")
continue
# # #
# # # Retrieve sql as string, remove extra whitespace
# # #
raw_sql = liquibase_utilities.strip_comments(liquibase_utilities.generate_sql(change)).casefold()
raw_sql = " ".join(raw_sql.split())
# # #
# # # Split sql into statements
# # #
raw_statements = liquibase_utilities.split_statements(raw_sql)
for raw_statement in raw_statements:
    # # #
# # # Split raw_statement into list
# # #
sql_list = raw_statement.split()
# # #
# # # Check
for schemas from snapshot
# # #
for schema in all_schemas:
    if schema in sql_list:
    liquibase_status.fired = True
status_message = str(liquibase_utilities.get_script_message()).replace("__SCHEMA_NAME__", f "\"{current_schema}\"")
liquibase_status.message = status_message
sys.exit(1)

# # #
# # # Default
return code
# # #
False

Initiate the customization process

In the CLI, run this command:

liquibase checks customize --check-name=CustomCheckTemplate

The CLI prompts you to finish configuring your file. A message displays:

This check cannot be customized directly because one or more fields does not have a default value.

Liquibase will then create a copy of CustomCheckTemplate and initiate the customization workflow.

Give your check a short name so you can easily identify what Python script it is associated with

Use up to 64 alpha-numeric characters only.

In this example we will name the check:

deleteWithoutWhere

Set the Severity to return a code of 0-4 when triggered.

These severity codes allow you to determine if the job moves forward or stops when this check triggers. Learn more here: Use Policy Checks in Automation: Severity and Exit Code options: 'INFO'=0, 'MINOR'=1, 'MAJOR'=2, 'CRITICAL'=3, 'BLOCKER'=4

Set the SCRIPT_DESCRIPTION

In this example, we will set the description to:

This script triggers when the phrase "DELETE FROM" without "WHERE" is detected.

Set the SCRIPT_SCOPE

In this example, we will set the scope to:

database: If your check looks for the presence of keys, indexes, or table name patterns in your database schema including Liquibase Tracking Tables. With this value, the check runs once for each database object.

Set the SCRIPT_MESSAGE

This message will display when the check is triggered. In this example we will use:

In this example we will use:

The phrase "DELETE FROM" without "WHERE" is detected. All DELETE statements must have a WHERE clause before proceeding.

Set the SCRIPT_PATH

This is the relative path where your script is stored in relation to the changelog specified in --changelog-file, whether it is stored locally or in a repository.

In this example, we will set the path to:

scripts/delete-without-where.py.

This check does not require a SCRIPT_ARGUMENT, so leave this blank.

Set the REQUIRES_SNAPSHOT

If your script scope is changelog, set whether the check requires a database snapshot. Specify true if your check needs to inspect database objects.

If your script scope is database, Liquibase always takes a snapshot, so this prompt does not appear.

Note: The larger your database, the more performance impact a snapshot causes. If you cannot run a snapshot due to memory limitations, see Memory Limits of Inspecting Large Schemas.