The normal solution for such customised security is to CREATE a stored PROCEDURE, which you will design to control the columns and values for the update via parameters and whose execution can be granted as a permission. The rights of a stored procedure are inherited from its owner rather than the user running it.
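An added example of this pattern, not code from the original text: it assumes MySQL syntax (the page names no database product), and the `shop` schema, the `orders` table, the `clerk` account and the procedure name are all hypothetical. The commented-out grant is the broad table right that the procedure replaces.

```sql
-- Assumptions: MySQL dialect, current database is `shop`, the account
-- 'clerk'@'localhost' already exists, and these statements are run by the
-- account that owns the table (it becomes the procedure's definer).

-- Constructed sample table.
CREATE TABLE orders (
  id          INT PRIMARY KEY,
  customer_id INT           NOT NULL,
  status      VARCHAR(20)   NOT NULL,
  total       DECIMAL(10,2) NOT NULL
);

-- Broad alternative (not used): lets the account change status to any
-- value on any row, because a privilege cannot restrict values.
-- GRANT UPDATE (status) ON shop.orders TO 'clerk'@'localhost';

-- DELIMITER is a mysql client command, needed only to send the body whole.
DELIMITER //
CREATE PROCEDURE set_order_status(IN p_order_id INT, IN p_status VARCHAR(20))
  SQL SECURITY DEFINER          -- run with the owner's rights, not the caller's
  MODIFIES SQL DATA
BEGIN
  -- Value control: only these transitions are offered to callers.
  IF p_status IS NULL OR p_status NOT IN ('packed', 'shipped') THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'status value not permitted';
  END IF;

  -- Column control: status is the only column this routine can touch.
  -- Parameters are bound as values, never concatenated into SQL text.
  UPDATE orders
     SET status = p_status
   WHERE id = p_order_id
     AND status <> 'cancelled';
END//
DELIMITER ;

-- The caller gets EXECUTE on the routine and no privilege on the table.
GRANT EXECUTE ON PROCEDURE shop.set_order_status TO 'clerk'@'localhost';

-- Check: this should list only USAGE and the EXECUTE grant above.
SHOW GRANTS FOR 'clerk'@'localhost';
```

Because the routine runs with its owner's rights, keep dynamic SQL out of the body and review the owner's own privileges, since any flaw in the procedure is exercised at that privilege level.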