How to fix PostgreSQL 0L000 invalid grantor?

Ensure the granting role has the privilege and GRANT OPTION: The grantor must itself hold the privilege (with GRANT OPTION if delegating) for the GRANT to be valid.

0L000

PostgreSQLERRORNotableInvalid GrantorHIGH confidence

invalid grantor

What this means

SQLSTATE 0L000 is raised when a GRANT or REVOKE statement specifies a grantor role that does not hold the privilege being granted, making the grant invalid under the SQL standard privilege model.

Why it happens

1Attempting to GRANT a privilege WITH GRANT OPTION but the specified grantor does not hold that privilege

How to reproduce

GRANT issued by a role that does not hold the privilege.

trigger — this will error

GRANT SELECT ON secret_table TO analyst; -- current role lacks SELECT

expected output

ERROR:  invalid grantor

Fix

Ensure the granting role has the privilege and GRANT OPTION

WHEN When setting up privilege chains.

Ensure the granting role has the privilege and GRANT OPTION

-- Connect as superuser or a role with GRANT OPTION:
GRANT SELECT ON secret_table TO manager WITH GRANT OPTION;
-- Then connect as manager and grant to analyst:
GRANT SELECT ON secret_table TO analyst;

Why this works

The grantor must itself hold the privilege (with GRANT OPTION if delegating) for the GRANT to be valid.

Sources

Official documentation ↗

Class 0L — Invalid Grantor

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformPostgreSQL SQLSTATE Errors

Code0L000

ClassInvalid Grantor

SeverityERROR

TierNotable

ConfidenceHIGH