Mysql：允许查询其他不可用的列？

Question

I have a table with a column that I want to prevent certain users from seeing. I understand that I should be able to do this using a view, ie have a view which excludes the particular column, and deny access to the table but allow access to the view (note, users do not need to be able to update the table/view).

I do however want to allow an equality query against the field. Such as:

SELECT * FROM some_table_or_view WHERE hidden_field = 'some_value';

To clarify:

• it should not be possible to have the hidden_field values be returned in a general query
• it should be possible to run a query with a constraint (preferably only an equality constraint) on the hidden_field value

Is this possible?

(EDIT: if there's a solution in a dbms other than Mysql, I'd be happy to hear about that, too).

Answer 1

You can create a stored procedure which would return all the fields you allowed it to return, and then you can pass the hidden_value (filtering criterion) as a parameter.

Forbid your database users accessing the table, but allow them to call stored procedures.

Then of course, you would have to create several stored procedures if you had several types of queries against the table. But at least it solves your problem with the rights.

Answer 2

No it is not. Giving a user a possibility to filter the results with the column hidden_value means that they have select rights, and that also means they can see the column, and therefore select it. Here http://dev.mysql.com/doc/refman/5.1/en/grant.html is a list of the rights you can grant or not grant to the users in mySQL.