How to fix MariaDB 3601 Partial revoke not supported with privilege aggregation?

Use explicit privilege lists: Avoids ALL PRIVILEGES aggregation that conflicts with partial revokes.

3601

MariaDBERRORNotableAccess ControlHIGH confidence

Partial revoke not supported with privilege aggregation

Production Risk

Low — The GRANT fails; existing privileges remain unchanged.

How to reproduce

trigger — this will error

GRANT ALL PRIVILEGES ON *.* TO 'user'@'%';
REVOKE SELECT ON restricted_db.* FROM 'user'@'%';
GRANT ALL PRIVILEGES ON *.* TO 'user'@'%'; -- aggregation conflict

expected output

ERROR 3601 (HY000): Partial revoke is not supported with privilege aggregation.

Fix

Use explicit privilege lists

GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'user'@'%';

Why this works

Avoids ALL PRIVILEGES aggregation that conflicts with partial revokes.

What not to do

Version notes

Sources

Official documentation ↗

MySQL 8.0 — 3601 ER_PARTIAL_REVOKE_NOT_SUPPORTED_WITH_AGGREGATION

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformMariaDB Error Codes

Code3601

ClassAccess Control

SeverityERROR

TierNotable

ConfidenceHIGH