I created a user login and gave only datareader and datawriter roles to the specific database. however, datawriter can insert,update and delete. I dont want the login to have delete access.
If you do not want the user to DELETE, then you have to remove it from the db_datawriter role and create your own role, then grant the appropriate permissions to that *custom* role.