Mercurial Column-Level Access

The query hit the server. Rows streamed back, but not all columns. Some stayed locked behind permissions most tools cannot enforce. This is Mercurial Column-Level Access — precision control over who sees what, down to the single cell.

Column-level access is not just a compliance checkbox. It is a defensive perimeter inside your database. Mercurial’s implementation takes this further by making the rules dynamic, fast, and maintainable as schemas change. Instead of static grants buried in migrations, you define visibility at the column layer, with policies that are evaluated in real time.

When data models grow, the number of sensitive fields grows with them: emails, payment info, internal flags, confidential metrics. Traditional role-based access often leaks here because roles are too broad. Mercurial Column-Level Access binds visibility directly to fields, so even if you query SELECT *, the engine strips unauthorized columns before the result is sent over the wire.

Performance is the other half of the equation. Many column-level security solutions push checks into application code. This creates overhead and drift. Mercurial pushes policies into the query path itself, filtering at execution time using optimized permission maps. Tests show almost no latency added compared to raw queries, even under heavy load.

Integration is direct. Wrap Mercurial around your database, declare your columns and rules in config or code, and rules stay in sync with schema migrations. No forked SQL, no brittle middleware. The policy engine supports advanced conditions, external identity providers, and different rules per environment, making least-privilege enforcement the default behavior.

Auditing becomes simple. Every denied column access is logged with user ID, role, query source, and timestamp. This enables rapid incident analysis, compliance reporting, and verification that policies are working as intended.
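The column stripping and denial logging described above can be sketched as follows. This is an added illustration, not Mercurial's or hoop.dev's code: the policy map, role names, table, sample rows and the filter_rows function are constructed for the example, and treating undeclared columns as denied is an assumption.

```python
from datetime import datetime, timezone

# Constructed policy: table -> column -> roles allowed to read it.
# A column absent from the map is denied, so a column added by a
# migration stays hidden until a rule is declared for it.
POLICY = {
    "customers": {
        "id": {"support", "billing", "analyst"},
        "email": {"support", "billing"},
        "card_last4": {"billing"},
        "internal_flag": set(),  # declared, but readable by no role
    }
}

# Constructed result set, as a SELECT * would return it.
ROWS = [
    {"id": 1, "email": "a@example.test", "card_last4": "4242",
     "internal_flag": "review", "notes": "added by a later migration"},
    {"id": 2, "email": "b@example.test", "card_last4": "1881",
     "internal_flag": "", "notes": ""},
]


def filter_rows(table, rows, user_id, role, source, now=None):
    """Strip columns the role may not read; return (rows, audit_events)."""
    rules = POLICY.get(table, {})  # unknown table: every column denied
    columns = list(dict.fromkeys(c for row in rows for c in row))
    allowed = [c for c in columns if role in rules.get(c, set())]
    ts = (now or datetime.now(timezone.utc)).isoformat()
    # One audit event per denied column per query, not per row.
    events = [
        {"user_id": user_id, "role": role, "source": source,
         "timestamp": ts, "table": table, "column": c}
        for c in columns if c not in allowed
    ]
    filtered = [{c: row[c] for c in allowed if c in row} for row in rows]
    return filtered, events


if __name__ == "__main__":
    out, audit = filter_rows("customers", ROWS, "u-17", "support",
                             "SELECT * FROM customers")
    print(out)
    for event in audit:
        print(event)
```

Reviewing the audit events for a role that should never request a given column is a quick check that the policy matches how the data is actually queried.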

Mercurial Column-Level Access is not another bolt-on. It is a core capability that makes your data model resilient against internal leaks and external breaches alike. Control every column, every time.

See how it works with your own schema in minutes at hoop.dev — live, fast, and ready to protect your data where it matters most.