How to fix MariaDB 2028 Illegal GRANT or REVOKE command?

Use a privilege that is valid at the specified scope: Only SELECT, INSERT, UPDATE, and REFERENCES are valid column-level privileges.

How to fix MariaDB 2028 Illegal GRANT or REVOKE command?

Move schema-level privileges to the correct scope: Schema-level privileges must be granted at the database or global scope.

2028

MariaDBERRORNotableAccess ControlHIGH confidence

Illegal GRANT or REVOKE command

Production Risk

Low — GRANT/REVOKE is rejected.

What this means

A GRANT or REVOKE statement used an invalid combination of privileges and object scope. For example, trying to grant a database-level-only privilege at the column level.

Why it happens

1Attempting to grant CREATE, DROP, or similar schema privileges at the column level.
2Privilege not applicable to the object type specified (e.g. FILE privilege on a table).
3Syntax error in the GRANT target specification.

How to reproduce

trigger — this will error

GRANT CREATE ON mydb.t1 (col1) TO 'user'@'%'; -- CREATE is not a column-level privilege

expected output

ERROR 2028 (HY000): Illegal GRANT/REVOKE command; please consult the manual to see which privileges can be used.

Fix 1

Use a privilege that is valid at the specified scope

GRANT SELECT (col1) ON mydb.t1 TO 'user'@'%'; -- column-level SELECT is valid

Why this works

Only SELECT, INSERT, UPDATE, and REFERENCES are valid column-level privileges.

Fix 2

Move schema-level privileges to the correct scope

GRANT CREATE ON mydb.* TO 'user'@'%';

Why this works

Schema-level privileges must be granted at the database or global scope.

What not to do

Sources

Official documentation ↗

MySQL 8.0 — 2028 ER_ILLEGAL_GRANT_FOR_TABLE

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformMariaDB Error Codes

Code2028

ClassAccess Control

SeverityERROR

TierNotable

ConfidenceHIGH