In order to prevent accidental loss of data from engineering mistakes, is it possible to limit the rows affected by a delete in Google Spanner?
There is a service account configured with roles/spanner.databaseUser, but in normal operation it should never delete more than a single row at a time. In order to prevent serious application bugs that accidentally match more than intended, is it possible to limit the number of rows deleted at a time by the service account?
No, it currently is not possible to enforce access rules in this manner.
As a soft workaround, you should wrap the delete operation in a helper method that only allows a single row delete and ensure your code only ever calls that helper method.
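One way to write the helper described in the answer above, as an added example that is not code from the answer's author or from the Spanner project. It assumes the transaction object exposes `execute_update` returning the affected row count and that `run_in_transaction` rolls back when the callback raises, as the Cloud Spanner Python client does; `FakeDatabase`, `FakeTransaction`, the table `t` and its columns are constructed stand-ins so the block runs offline.

```python
import copy


class TooManyRowsDeleted(RuntimeError):
    """Raised inside the transaction so that the delete is never committed."""


def delete_at_most_one(transaction, dml, params=None, param_types=None):
    """Run one DELETE statement; abort the transaction if it hit more than one row."""
    if not dml.lstrip().upper().startswith("DELETE"):
        raise ValueError("only DELETE statements are accepted")
    # execute_update returns the number of rows the DML statement modified.
    deleted = transaction.execute_update(dml, params=params, param_types=param_types)
    if deleted > 1:
        # Raising before commit is what undoes the over-broad delete.
        raise TooManyRowsDeleted(f"DELETE matched {deleted} rows, expected at most 1")
    return deleted


# --- Constructed in-memory stand-ins (assumption: not the real client) ---
class FakeTransaction:
    def __init__(self, rows):
        self.rows = rows

    def execute_update(self, dml, params=None, param_types=None):
        # Toy matcher: every parameter is treated as "column = value".
        params = params or {}
        hits = [key for key, row in self.rows.items()
                if all(row.get(col) == val for col, val in params.items())]
        for key in hits:
            del self.rows[key]
        return len(hits)


class FakeDatabase:
    def __init__(self, rows):
        self.rows = rows

    def run_in_transaction(self, func, *args, **kwargs):
        txn = FakeTransaction(copy.deepcopy(self.rows))  # work on a private copy
        result = func(txn, *args, **kwargs)  # an exception here skips the commit
        self.rows = txn.rows  # commit
        return result
```

Call it as `database.run_in_transaction(delete_at_most_one, dml, params, param_types)`; the guard only helps if every delete in the code base goes through it, which is why the answer calls it a soft workaround.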