PG
PRO
pgref.dev/mariadb/errors/1227
1227ERRORTier 1 — Safe✅ HIGH confidence

Access denied; you need SUPER privilege for this operation

Category: Access ControlVersions: All MariaDB / MySQL versions

🔴 Production Risk Error

HIGH — blocks operations critical to replication, backup, and configuration management.

What this means

Error 1227 (SQLSTATE 42000) is returned when a statement requires a privilege that the current user does not hold — most commonly SUPER, but also REPLICATION CLIENT, REPLICATION SLAVE, RELOAD, or SYSTEM_VARIABLES_ADMIN depending on the operation.

Why it happens

  1. 1SET GLOBAL requires SUPER or SYSTEM_VARIABLES_ADMIN (MySQL 8.0+)
  2. 2Creating stored routines with DEFINER requires SUPER if the definer is not the current user
  3. 3CHANGE MASTER / STOP SLAVE requires REPLICATION CLIENT or SUPER
  4. 4KILL CONNECTION requires SUPER for killing other users' connections
  5. 5Importing a mysqldump that contains DEFINER clauses without SUPER privilege

How to reproduce

Setting a global variable without SUPER privilege.

trigger — this will ERROR
SET GLOBAL slow_query_log = ON;
-- Current user lacks SUPER or SYSTEM_VARIABLES_ADMIN
ERROR 1227 (42000): Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation

Fix 1: Grant the required privilege

When the operation is legitimate and the user needs ongoing access.

fix
-- Grant SUPER (broad — use narrower privileges in MySQL 8+):
GRANT SUPER ON *.* TO 'appuser'@'localhost';

-- In MySQL 8.0+ prefer:
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'appuser'@'localhost';

Why this works

MySQL 8.0 split SUPER into fine-grained dynamic privileges. Use the narrowest privilege that satisfies the requirement.

Fix 2: Strip DEFINER clauses when importing a dump

When importing a mysqldump that fails due to DEFINER.

fix
-- Strip DEFINER from dump before importing:
sed 's/DEFINER=[^ ]*//' dump.sql | mysql -u appuser -p mydb

Why this works

Without DEFINER, routines and views are created with the importing user as definer, requiring no SUPER privilege.

What not to do

Grant SUPER to application users

Why it's wrong: SUPER grants the ability to bypass many security controls; use narrower privileges instead.

Version notes

MySQL 8.0+SUPER is deprecated in favour of fine-grained dynamic privileges (SYSTEM_VARIABLES_ADMIN, REPLICATION_SLAVE_ADMIN, etc.).
MariaDB 10.5+SUPER is retained but MariaDB also adds fine-grained privilege roles.

Dangerous variant

⚠️ Warning

Granting SUPER to application accounts is a critical security vulnerability.

Sources

📚 Official docs: https://mariadb.com/kb/en/grant/#global-privileges

🔧 Source ref: MariaDB Server error code 1227 / ER_SPECIFIC_ACCESS_DENIED_ERROR

📖 Further reading: MariaDB GRANT Global Privileges

📖 Further reading: MySQL 8.0 Dynamic Privileges

Confidence assessment

✅ HIGH confidence

Stable. Privilege semantics well documented.

See also

📄 Reference pages

GRANTSUPER privilegeSYSTEM_VARIABLES_ADMIN
⚙️ This error reference was generated with AI assistance and reviewed for accuracy. Examples are provided to illustrate common scenarios and may not cover every case. Always test fixes in a development environment before applying to production. Spotted an error? Suggest a correction →
All MariaDB errors