MySQL Error 1143 occurs when a user attempts to access a column without the required column-level privileges. Grant the missing SELECT, INSERT, or UPDATE permission on that column to fix it.
MySQL Error 1143 (ER_COLUMNACCESS_DENIED_ERROR) is raised when a user issues a SELECT, INSERT, UPDATE, DELETE, or other statement that touches a column for which they lack explicit privileges. Unlike Error 1142 (which blocks access to all columns in a table), Error 1143 means the user has some column privileges but not for the specific column they're trying to access. MySQL enforces both table-level and column-level permissions, checking column privileges after table permissions pass. This error indicates a security restriction is preventing the operation.
The error message contains the restricted column name in format: "ERROR 1143 (42000): <command> command denied to user 'username'@'host' for column 'columnname' in table 'tablename'".
Example:
ERROR 1143 (42000): SELECT command denied to user 'app_user'@'localhost' for column 'salary' in table 'employees'Note the exact column name and table name from the error message.
Use your administrative account to check and modify permissions.
mysql -u root -pEnter your root password when prompted. You need admin privileges to grant column-level permissions.
Query the information schema to see what column privileges the user currently has:
SELECT * FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
WHERE GRANTEE = '"username"@"hostname"'
ORDER BY TABLE_NAME, COLUMN_NAME;Replace username and hostname with the actual user account (including quotes). For example:
SELECT * FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
WHERE GRANTEE = '"app_user"@"localhost"'
ORDER BY TABLE_NAME, COLUMN_NAME;This shows you exactly which columns have explicit privileges granted.
Use the GRANT statement to grant the needed privilege on the specific column. The syntax depends on what operation the user needs:
For SELECT (reading column values):
GRANT SELECT (column_name) ON database_name.table_name TO 'username'@'hostname';For INSERT (adding values to column):
GRANT INSERT (column_name) ON database_name.table_name TO 'username'@'hostname';For UPDATE (modifying column values):
GRANT UPDATE (column_name) ON database_name.table_name TO 'username'@'hostname';For multiple columns:
GRANT SELECT (id, name, email), UPDATE (email) ON mydb.users TO 'app_user'@'localhost';Real example:
GRANT SELECT (salary) ON company.employees TO 'report_user'@'localhost';After granting privileges, flush the privileges table to reload permissions into memory:
FLUSH PRIVILEGES;Without this step, the user's existing connections may not see the new permissions. This forces MySQL to reload all user privileges from the mysql.user, mysql.db, and mysql.columns_priv tables.
Disconnect the restricted user and reconnect with a fresh session to ensure new privileges are loaded:
mysql -u username -pThen test the previously failing query:
SELECT id, name, salary FROM employees WHERE salary > 50000;If the query succeeds, the privilege issue is resolved. If the same error appears, verify the username and hostname match exactly (they're case-sensitive).
Column-level privileges are stored in the mysql.columns_priv system table. Only INSERT, UPDATE, SELECT, and REFERENCES can be granted at the column level; other privileges like DROP, CREATE, ALTER only exist at table or database level.
In UPDATE statements, be aware that SELECT privilege is also required for columns referenced in the WHERE clause or on the right side of assignments (col1 = col2). Similarly, DELETE operations require SELECT privilege for columns in the WHERE clause.
If you need to grant table-level privileges instead of column-level (simplifies management but less secure), use: GRANT SELECT ON database_name.table_name TO 'username'@'hostname';
For views and stored procedures with DEFINER clauses, ensure the definer user has the required column privileges, or use SQL SECURITY INVOKER to execute under the invoker's permissions instead.
To revoke column-level privileges, use: REVOKE SELECT (column_name) ON database_name.table_name FROM 'username'@'hostname';
ERROR 1064: You have an error in your SQL syntax
How to fix "ERROR 1064: You have an error in your SQL syntax" in MySQL
ERROR 1054: Unknown column in field list
Unknown column in field list
ER_WINDOW_RANGE_FRAME_NUMERIC_TYPE (3589): RANGE frame requires numeric ORDER BY expression
RANGE frame requires numeric ORDER BY expression in MySQL window functions
CR_ALREADY_CONNECTED (2058): Handle already connected
How to fix "CR_ALREADY_CONNECTED (2058): Handle already connected" in MySQL
ER_WINDOW_DUPLICATE_NAME (3591): Duplicate window name
How to fix ER_WINDOW_DUPLICATE_NAME (3591) in MySQL window functions