PG
PRO
pgref.dev/errors/2B000
2B000ERRORTier 2 — Caution✅ HIGH confidence

dependent privilege descriptors still exist

Category: Dependent Privilege Descriptors Still ExistVersions: All Postgres versions

What this means

SQLSTATE 2B000 is raised when a REVOKE GRANT OPTION statement cannot complete because there are dependent grant options — other roles received the privilege through the grant option that is being revoked. Use REVOKE ... CASCADE to propagate the revocation.

Why it happens

  1. 1REVOKE GRANT OPTION FOR on a privilege that was further granted by the grantee to other roles

How to reproduce

Revoking grant option where sub-grants exist.

trigger — this will ERROR
-- manager was granted SELECT WITH GRANT OPTION
-- manager then granted SELECT to analyst
REVOKE GRANT OPTION FOR SELECT ON employees FROM manager; -- 2B000: analyst still has it
ERROR: dependent privileges exist

Fix 1: Use CASCADE to revoke the grant option and all dependent grants

When the full privilege chain should be removed.

fix
REVOKE GRANT OPTION FOR SELECT ON employees FROM manager CASCADE;

Why this works

CASCADE causes Postgres to recursively revoke all grants that depended on the grant option being removed.

What not to do

Leave dependent privileges in place and ignore 2B000

Why it's wrong: Roles downstream in the grant chain will retain access that was intended to be removed.

Sources

📚 Official docs: https://www.postgresql.org/docs/current/errcodes-appendix.html

🔧 Source ref: Class 2B — Dependent Privilege Descriptors Still Exist

Confidence assessment

✅ HIGH confidence

Standard SQLSTATE for privilege grant option revocation. Stable across versions.

See also

📄 Reference pages

GRANTREVOKEGRANT OPTION
⚙️ This error reference was generated with AI assistance and reviewed for accuracy. Examples are provided to illustrate common scenarios and may not cover every case. Always test fixes in a development environment before applying to production. Spotted an error? Suggest a correction →
All Postgres errors