create user foo;
create database some_db;
create table some_db.t1 (a int, b int, secret int);
create role r_select_column;
create role r_active_column;
grant r_select_column to r_active_column;
grant r_active_column to foo;
grant select(a) on some_db.t1 to r_select_column;
select * from mysql.tables_priv order by user;
Host	Db	User	Table_name	Grantor	Timestamp	Table_priv	Column_priv
localhost	mysql	mariadb.sys	global_priv	root@localhost	0000-00-00 00:00:00	Select,Delete	
	some_db	r_select_column	t1	root@localhost	0000-00-00 00:00:00		Select
grant insert(a) on some_db.t1 to r_active_column;
select * from mysql.tables_priv order by user;
Host	Db	User	Table_name	Grantor	Timestamp	Table_priv	Column_priv
localhost	mysql	mariadb.sys	global_priv	root@localhost	0000-00-00 00:00:00	Select,Delete	
	some_db	r_active_column	t1	root@localhost	0000-00-00 00:00:00		Insert
	some_db	r_select_column	t1	root@localhost	0000-00-00 00:00:00		Select
connect  con1, localhost, foo,,;
insert into some_db.t1(a) values (1);
ERROR 42000: INSERT command denied to user 'foo'@'localhost' for table `some_db`.`t1`
set role r_active_column;
insert into some_db.t1(a) values (1);
disconnect con1;
connection default;
revoke insert(a) on some_db.t1 from r_active_column;
connect  con1, localhost, foo,,;
insert into some_db.t1(a) values (1);
ERROR 42000: INSERT command denied to user 'foo'@'localhost' for table `some_db`.`t1`
set role r_active_column;
insert into some_db.t1(a) values (1);
ERROR 42000: INSERT command denied to user 'foo'@'localhost' for table `some_db`.`t1`
disconnect con1;
connection default;
drop role r_select_column;
drop role r_active_column;
drop user foo;
drop database some_db;