MySQLERRORCommonSecurityHIGH confidence

Illegal GRANT/REVOKE command

Q: How to fix MySQL 1144 Illegal GRANT/REVOKE command?

Use the correct privilege level for the grant: MySQL enforces privilege scope rules; each privilege has a specific level (global, database, table, column, routine) at which it can be granted.

Production Risk

Low — GRANT is rejected; no privilege change occurs.

What this means

ER_ILLEGAL_GRANT_FOR_TABLE (1144, SQLSTATE 42000) is raised when a GRANT or REVOKE statement uses a privilege that is not valid at the specified level (e.g., granting a database-level privilege at the table level).

Why it happens

1Granting a privilege that only applies at a higher scope at the table level (e.g., SUPER)
2Using a MySQL 8.0 role privilege in a GRANT on a specific table
3Incorrect GRANT syntax combining incompatible privilege types

How to reproduce

trigger — this will error

GRANT CREATE USER ON mydb.t TO 'user'@'host';

expected output

ERROR 1144 (42000): Illegal GRANT/REVOKE command; please consult the manual to see which privileges can be used

Fix

Use the correct privilege level for the grant

WHEN Always — match privilege scope to the GRANT target.

Use the correct privilege level for the grant

-- Global privileges must use *.*:
GRANT SUPER ON *.* TO 'user'@'host';
-- Table privileges use db.table:
GRANT SELECT, INSERT ON mydb.t TO 'user'@'host';

Why this works

MySQL enforces privilege scope rules; each privilege has a specific level (global, database, table, column, routine) at which it can be granted.

What not to do

✕ Trial-and-error GRANT statements in production

Failed GRANTs leave no trace but successful partial GRANTs may grant more than intended; test in a dev environment first.

Sources

Official documentation ↗

MySQL 8.0 — 1144 ER_ILLEGAL_GRANT_FOR_TABLE

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformMySQL Error Numbers

Code1144

ClassSecurity

SeverityERROR

TierCommon

ConfidenceHIGH