Will It Vibe logoWill It Vibe?
SQL-003High severity-15 points

GRANT ALL PRIVILEGES statement

Part of Security, which counts for 30% of the overall score. When this check fires it deducts 15 points from that category, once per scan, no matter how many places it turns up.

What it detects

GRANT ALL (PRIVILEGES) hands a role every permission on the target instead of the specific ones it needs, so a compromise of that role compromises the whole database or schema.

Why it matters

GRANT ALL PRIVILEGES gives a role every permission on the target (create, alter, drop, insert, delete, and more), not just the ones the application actually uses. If that role's credentials leak or the application has an injection flaw, the attacker inherits the same unrestricted access rather than a narrow, contained one.

How to fix it

Replace ALL PRIVILEGES with the specific privileges the role needs (typically SELECT, INSERT, UPDATE, DELETE for an application role; add others only when a real feature requires them). Grant schema-level or table-level privileges rather than instance-wide ones where possible, and use a separate, more privileged role only for migrations.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Security checks