For example, I have a table called stuff
and it has a column called name
.
I want my users to be able to INSERT
into the name
column, but not UPDATE
or DELETE
.
I know I can control this from the middle-tier business logic code, but is there some way to also prevent this at the MySQL database level for extra security?
I did see an old answer on SO about triggers but it's from 2013 and is probably out of date. I'm looking for a MySQL 8 answer.
A possible solution is to implement permissions on users or groups:
https://dev.mysql.com/doc/refman/8.0/en/grant.html#grant-column-privileges
GRANT SELECT (col1), INSERT (col1, col2) ON mydb.mytbl TO 'someuser'@'somehost';
So you your case it would be something like:
REVOKE ALL PRIVILEGES on mydb.stuff to 'userorgroup'@'somehost'
GRANT INSERT(name) ON mydb.stuff TO 'userorgroup'@'somehost'
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.