0L000ERRORTier 2 — Caution✅ HIGH confidenceinvalid grantor
Category: Invalid GrantorVersions: All Postgres versions
What this means
SQLSTATE 0L000 is raised when a GRANT or REVOKE statement specifies a grantor role that does not hold the privilege being granted, making the grant invalid under the SQL standard privilege model.
Why it happens
- 1Attempting to GRANT a privilege WITH GRANT OPTION but the specified grantor does not hold that privilege
How to reproduce
GRANT issued by a role that does not hold the privilege.
trigger — this will ERROR
GRANT SELECT ON secret_table TO analyst; -- current role lacks SELECTERROR: invalid grantor
Fix 1: Ensure the granting role has the privilege and GRANT OPTION
When setting up privilege chains.
fix
-- Connect as superuser or a role with GRANT OPTION:
GRANT SELECT ON secret_table TO manager WITH GRANT OPTION;
-- Then connect as manager and grant to analyst:
GRANT SELECT ON secret_table TO analyst;Why this works
The grantor must itself hold the privilege (with GRANT OPTION if delegating) for the GRANT to be valid.
Sources
📚 Official docs: https://www.postgresql.org/docs/current/errcodes-appendix.html
🔧 Source ref: Class 0L — Invalid Grantor
Confidence assessment
✅ HIGH confidence
Standard SQLSTATE for privilege grant validation. Stable across versions.
See also
🔗 Related errors
📄 Reference pages
GRANTREVOKE
⚙️ This error reference was generated with AI assistance and reviewed for accuracy. Examples are provided to illustrate common scenarios and may not cover every case. Always test fixes in a development environment before applying to production. Spotted an error? Suggest a correction →