How to fix MariaDB 3395 Cannot grant system privilege to a mandatory role?

Use a separate non-mandatory role for system privileges: System privileges are scoped to specific administrator accounts rather than all users.

3395

MariaDBERRORCommonAccess ControlHIGH confidence

Cannot grant system privilege to a mandatory role

Production Risk

Low — GRANT fails; no privilege escalation occurs.

How to reproduce

trigger — this will error

GRANT SYSTEM_USER ON *.* TO mandatory_role;

expected output

ERROR 3395 (HY000): Cannot grant system privilege to a mandatory role.

Fix

Use a separate non-mandatory role for system privileges

CREATE ROLE admin_role; GRANT SYSTEM_USER ON *.* TO admin_role; GRANT admin_role TO 'admin'@'localhost';

Why this works

System privileges are scoped to specific administrator accounts rather than all users.

What not to do

Sources

MySQL 8.0 — 3395 ER_CANNOT_GRANT_SYSTEM_PRIV_TO_MANDATORY_ROLE

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformMariaDB Error Codes

Code3395

ClassAccess Control

SeverityERROR

TierCommon

ConfidenceHIGH