Column-Level Permissions
Hide sensitive columns.
Why Column-Level Permissions Matter
Not every user should see every column in a table. A salary column, a password_hash, or a credit_card_number may live in the same table as perfectly public data like a username or email.
Column-level permissions let you grant access to specific columns rather than the entire table, keeping sensitive data hidden from users who have no business reason to see it.
GRANT on a Whole Table
By default, GRANT SELECT ON table gives a role the ability to read all columns. This is fine for public data, but problematic when the table mixes sensitive and non-sensitive columns.
The query below gives the analyst role full read access to the employees table — including salary and SSN.
GRANT SELECT ON employees TO analyst;
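The contrast this section sets up, shown as an added example that is not part of the original lesson: the whole-table grant next to a column-scoped one, with checks a reviewer can run. It assumes PostgreSQL, and the column names id, username, email, salary and ssn are assumed for illustration.

```sql
-- Constructed schema for illustration; column names are assumptions.
CREATE TABLE employees (
    id       integer PRIMARY KEY,
    username text NOT NULL,
    email    text NOT NULL,
    salary   numeric(10,2),
    ssn      text
);
CREATE ROLE analyst NOLOGIN;

-- Weak: the table-level grant exposes every column, including salary and ssn.
GRANT SELECT ON employees TO analyst;

-- Caveat: in PostgreSQL a column-level REVOKE does not narrow a table-level
-- grant, so analyst can still read salary and ssn after this statement.
REVOKE SELECT (salary, ssn) ON employees FROM analyst;

-- Corrected: drop the table-level grant, then grant only the needed columns.
REVOKE SELECT ON employees FROM analyst;
GRANT SELECT (id, username, email) ON employees TO analyst;

-- Check 1: list, per column, what analyst now holds on the table.
SELECT column_name, privilege_type
FROM information_schema.column_privileges
WHERE table_name = 'employees' AND grantee = 'analyst'
ORDER BY column_name;

-- Check 2: ask directly about a sensitive column. This returns true while a
-- table-level grant is in place and false once only the column grant remains.
SELECT has_column_privilege('analyst', 'employees', 'salary', 'SELECT');

-- Check 3: exercise the role (run as a superuser or a member of analyst).
SET ROLE analyst;
SELECT id, username, email FROM employees;
-- SELECT * expands to every column, so it is rejected with a permission
-- error even though three of the five columns are readable.
SELECT * FROM employees;
RESET ROLE;
```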