1227
MySQL | ERROR | Common | Access Control | HIGH confidence

Access denied; you need SUPER privilege for this operation

Production Risk

HIGH — blocks operations critical to replication, backup, and configuration management.

What this means

Error 1227 (SQLSTATE 42000) is returned when a statement requires a privilege that the current user does not hold — most commonly SUPER, but also REPLICATION CLIENT, REPLICATION SLAVE, RELOAD, or SYSTEM_VARIABLES_ADMIN depending on the operation.

Why it happens
  1. SET GLOBAL requires SUPER or SYSTEM_VARIABLES_ADMIN (MySQL 8.0+)
  2. Creating stored routines with DEFINER requires SUPER if the definer is not the current user
  3. CHANGE MASTER / STOP SLAVE requires REPLICATION CLIENT or SUPER
  4. KILL CONNECTION requires SUPER for killing other users' connections
  5. Importing a mysqldump that contains DEFINER clauses without SUPER privilege

How to reproduce

Setting a global variable without SUPER privilege.

trigger — this will error
SET GLOBAL slow_query_log = ON;
-- Current user lacks SUPER or SYSTEM_VARIABLES_ADMIN

expected output

ERROR 1227 (42000): Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation

Fix 1

Grant the required privilege

WHEN: the operation is legitimate and the user needs ongoing access.

-- Grant SUPER (broad — use narrower privileges in MySQL 8+):
GRANT SUPER ON *.* TO 'appuser'@'localhost';

-- In MySQL 8.0+ prefer:
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'appuser'@'localhost';

Why this works

MySQL 8.0 split SUPER into fine-grained dynamic privileges. Use the narrowest privilege that satisfies the requirement.

Fix 2

Strip DEFINER clauses when importing a dump

WHEN: importing a mysqldump that fails due to DEFINER.

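# Strip DEFINER=`user`@`host` from the dump before importing.
# Matching the backtick-quoted pair keeps the "*/" that follows a trigger's DEFINER intact.
sed -E 's/DEFINER=`[^`]*`@`[^`]*`//g' dump.sql | mysql -u appuser -p mydb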

Why this works

Without DEFINER, routines and views are created with the importing user as definer, requiring no SUPER privilege.
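
The following is an added example, not part of the original page: it strips DEFINER clauses from a dump and refuses to hand the file to `mysql` if any clause survives. The function names and the sample dump lines are constructed for illustration; the sample covers the view, trigger and routine forms that mysqldump writes.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical.

# Remove DEFINER=`user`@`host`. Anchoring on the backtick-quoted pair stops the
# match before the "*/" that directly follows a trigger's DEFINER clause.
strip_definer() {
  sed -E 's/DEFINER=`[^`]*`@`[^`]*`//g'
}

# Count DEFINER= clauses read from stdin. "SQL SECURITY DEFINER" is not counted
# because it carries no "=".
count_definers() {
  grep -o 'DEFINER=' | wc -l | tr -d ' '
}

# Constructed sample: view, trigger and routine forms of the DEFINER clause.
sample_dump() {
  cat <<'EOF'
/*!50013 DEFINER=`root`@`localhost` SQL SECURITY DEFINER */
/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER `t_ai` AFTER INSERT ON `t` FOR EACH ROW SET @n = 1 */;
CREATE DEFINER=`admin`@`%` PROCEDURE `p`() SELECT 1;
EOF
}

# Write a sanitized copy of a dump; return non-zero if any DEFINER= remains
# (for example an unquoted DEFINER=user@host that the pattern does not cover).
sanitize_dump() {
  local src="$1" dst="$2" left
  strip_definer < "$src" > "$dst" || return 1
  left=$(count_definers < "$dst")
  if [ "$left" -ne 0 ]; then
    echo "refusing import: $left DEFINER clause(s) remain in $dst" >&2
    return 1
  fi
}

# Usage (file and account names as on this page):
#   sanitize_dump dump.sql dump.nodefiner.sql && mysql -u appuser -p mydb < dump.nodefiner.sql
```
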

What not to do

Grant SUPER to application users

SUPER grants the ability to bypass many security controls; use narrower privileges instead.

Version notes
MySQL 8.0+

SUPER is deprecated in favour of fine-grained dynamic privileges (SYSTEM_VARIABLES_ADMIN, REPLICATION_SLAVE_ADMIN, etc.).

MariaDB 10.5+

SUPER is retained but MariaDB also adds fine-grained privilege roles.
