Technology Encyclopedia Home >Can the account permissions in MariaDB be set for a certain field in a certain table to be write-only but not read-only?

Can the account permissions in MariaDB be set for a certain field in a certain table to be write-only but not read-only?

Created on 2025-06-18 15:27:08
53

In MariaDB, standard account permissions do not support setting field-level write-only access directly. Permissions are typically granted at the table level (e.g., SELECT, INSERT, UPDATE, DELETE) or column level (e.g., INSERT(column_name), UPDATE(column_name)), but there is no built-in privilege to allow updates while explicitly denying reads for a specific field.

However, you can achieve a similar effect using a combination of views and stored procedures:

  1. Restrict direct table access: Grant the user INSERT and UPDATE permissions on the table but deny SELECT.
  2. Use a view for read access: Create a view that excludes the sensitive field and grant SELECT on the view instead of the table.
  3. Stored procedures for controlled writes: If stricter control is needed, use stored procedures to handle updates, granting EXECUTE permission while keeping table permissions minimal.

Example:

-- Create a table  
CREATE TABLE users (id INT, username VARCHAR(50), password_hash VARCHAR(255));  

-- Grant insert/update but deny select on the table  
GRANT INSERT, UPDATE ON users TO 'app_user'@'%';  
REVOKE SELECT ON users FROM 'app_user'@'%';  

-- Create a view excluding the sensitive field  
CREATE VIEW users_view AS SELECT id, username FROM users;  

-- Grant select on the view  
GRANT SELECT ON users_view TO 'app_user'@'%';

For more advanced scenarios, Tencent Cloud Database for MariaDB provides fine-grained access control through its security groups and privilege management, allowing you to restrict access at the network and account levels. Additionally, Tencent Cloud TDSQL-C (a high-performance MariaDB-compatible database) supports automated backups and encryption, enhancing data security.