User delete logs

Hi,

We are currently reviewing our Remote Desktop Manager configuration.

When we add a user we use "integrated security Active directory" and "create SQL server login and user" Our DB runs on SQL 2012. We do not configure roles and deselect all options on the tab "privileges". We configure "Permissions" so the user can view the correct entry's but do not give him the rights to add, delete or edit an entry.

However, if that user opens SQL management studio it is possible for him to delete all the log entry's directly by using a SQL statement. We find this a bit of a security risk since a user can delete traces of him accessing a server. It is logical that a user can add an entry. But its not that he is also able to delete everything.

Just to be clear. The user does not have the right to "view shared logs".

Is it possible to prohibit the user from deleting the logs in the Database? Is this an option in the software?